Splunk Stream

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Deployment requirements

This topic covers Splunk App for Stream hardware and software requirements. For a list of network protocols that Splunk App for Stream supports, see Supported Protocols in this manual.

Hardware requirements

Before you install Splunk App for Stream, make sure that your underlying Splunk Enterprise deployment meets the requirements specified in Introduction to capacity planning for Splunk Enterprise in the Splunk Enterprise Capacity Planning Manual.

For Splunk Enterprise reference hardware requirements, see Reference hardware in the Splunk Enterprise Capacity Planning Manual. Depending on the volume of network data that you plan to capture and index, additional CPU, memory, and storage capacity might be required.

For information on Splunk App for Stream performance, see Performance test results and recommendations in this manual.

Supported operating systems

Splunk App for Stream 6.2.0 and later supports the following operating systems:

Linux

  • Linux kernel version 2.6.x or later (32- and 64-bit).
  • Red Hat Enterprise Linux 5 or later
  • CentOS 5 or later
  • Ubuntu 10 or later
  • Debian 5 or later

Caution: Default Linux kernel settings are not sufficient for high-volume packet capture. Capturing with the default settings can cause missed packets and data loss. We recommend that you add the following kernel settings to your /etc/sysctl.conf file:

# increase kernel buffer sizes for reliable packet capture
net.core.rmem_default = 33554432
net.core.rmem_max = 33554432
net.core.netdev_max_backlog = 10000

Then run the following to reload the settings:

/sbin/sysctl -p
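
To confirm that the running kernel actually picked up these values after the reload, the following check reads the effective settings from /proc/sys and compares them with the values above. It is an added example, not part of the Splunk documentation or product. The function names, the optional root-directory argument, and the treatment of the recommended values as minimums are assumptions.

```shell
#!/bin/sh
# Added example: verify the packet-capture kernel settings recommended above.
# Assumption: the values from this page are treated as minimums, so a larger
# effective value also passes.
RECOMMENDED="net.core.rmem_default=33554432
net.core.rmem_max=33554432
net.core.netdev_max_backlog=10000"

# read_sysctl KEY [ROOT]
# Print the effective value of KEY. ROOT defaults to /proc/sys and can point
# at a copy of that tree (hypothetical parameter, used for offline checks).
read_sysctl() {
    path="${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)"
    [ -r "$path" ] && cat "$path"
}

# check_capture_sysctl [ROOT]
# Print one status line per key. The return code is the number of keys that
# are unreadable or below the recommended value (0 means all settings are OK).
check_capture_sysctl() {
    root="${1:-/proc/sys}"
    failures=0
    for entry in $RECOMMENDED; do
        key=${entry%%=*}
        want=${entry#*=}
        have=$(read_sysctl "$key" "$root") || have=""
        case "$have" in
            ''|*[!0-9]*)
                echo "UNKNOWN $key (not readable)"
                failures=$((failures + 1)) ;;
            *)
                if [ "$have" -lt "$want" ]; then
                    echo "LOW     $key = $have (recommended $want)"
                    failures=$((failures + 1))
                else
                    echo "OK      $key = $have"
                fi ;;
        esac
    done
    return "$failures"
}

# Usage on a capture host, after /sbin/sysctl -p:
#   check_capture_sysctl || echo "kernel buffers below recommendation"
```

A LOW or UNKNOWN line after the reload means the setting was not applied to the running kernel, so packet loss under load remains possible.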

Mac OS X

  • Mac OS X version 10.8 or later.

Windows

  • Windows Server 2008 R2 and later (64-bit).
  • Windows 7 (64-bit) Professional, Enterprise, and Ultimate editions.

Splunk App for Stream supports Local System and Administrator accounts only on Windows. For more information, see How the System account is used in Windows.

Splunk Enterprise version requirements

Splunk App for Stream runs on Splunk Enterprise. Make sure to download and install the appropriate version of Splunk Enterprise before you install Splunk App for Stream.

Splunk App for Stream version 6.2.0 and later requires Splunk Enterprise version 6.1.x or later. Splunk Enterprise version 6.2.1 or later is recommended.

Splunk App for Stream version 6.4.x requires Splunk Enterprise version 6.3.0 or later.

Download Splunk Enterprise.

Splunk Enterprise component requirements

In a distributed Splunk Enterprise environment, you must install Splunk App for Stream on universal forwarders, indexers, and search heads, as applicable to your deployment. For details on Splunk App for Stream component requirements, see Deployment architectures in this manual.

Supported browsers

Splunk App for Stream 6.2.0 and later supports these browsers:

  • Chrome (latest)
  • Safari (latest)
  • Firefox (latest) (version 10.x is not supported)
  • Internet Explorer 9 or later. Internet Explorer version 9 is not supported in compatibility mode.

License requirements

Splunk App for Stream does not require a separate license. You can install and use Splunk App for Stream on Splunk Enterprise with a single Splunk Enterprise license.

Splunk Enterprise licenses are based on the amount of data stored by your Splunk indexers per day. For more information, see How Splunk licensing works in the Splunk Enterprise Admin Manual.

Last modified on 22 March, 2016

This documentation applies to the following versions of Splunk Stream: 6.4.0, 6.4.1, 6.4.2

