Splunk Stream

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Stream Easy Setup

Splunk Stream provides an Easy Setup page that can help you set up and configure data collection on local and/or remote machines.

Set up data collection on local machine

Select the Collect data from this machine using Wire Data input (Splunk_TA_stream) check box.

  • If you see "Splunk_TA_stream is not properly configured," click Redetect. In most cases, this sets proper permissions for the streamfwd binary to capture packets on network interfaces.
  • If you still see "Splunk_TA_stream is not properly configured," follow these troubleshooting steps:
  1. Click Check Wire Data Input. This opens the Wire Data data input page. Click on streamfwd to check the data input, then click Save to validate the input.
  2. Click Splunk_TA_stream log file. Examine the search results for errors.
  3. If you are still unable to configure Splunk_TA_stream, click the Learn More link. This takes you to documentation that shows how to set proper permissions for Splunk_TA_stream.


Set up data collection on remote machines

Splunk Stream supports independent Stream forwarder installation on compatible Linux machines.

1. Select the Collect data from other machines check box.

  • If you see “HTTP Event Collector streamfwd token configuration has been enabled,” then the HTTP Event Collector endpoint is configured to receive data. Proceed to step 2.
  • If you see “HTTP Event Collector streamfwd token configuration has been disabled,” click View Configuration. This opens the HTTP Event Collector page. Click Enable for the streamfwd input. The HTTP Event Collector is now enabled for streamfwd data input.

2. Copy and run the curl script on the command line of the Linux machine where you want to install streamfwd.

The script installs Stream Forwarder streamfwd in /opt/streamfwd.

3. Use the sudo service streamfwd start | stop | restart | status command to control the service.

For example:

sudo service streamfwd start

Note: Independent Stream forwarder installation is not required. You can deploy an independent Stream forwarder at any time from the Distributed Forwarder Management page in the splunk_app_stream UI.
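
After the script has installed streamfwd and the service is running, it is worth auditing the permissions of the install directory. The following is an added example, not part of Splunk's documentation or code: the function names are hypothetical, and it assumes streamfwd runs with elevated privileges for packet capture, so nothing under /opt/streamfwd should be writable by group or other.

```shell
#!/bin/sh
# Added example (not Splunk's code): post-install permission audit for the
# independent Stream forwarder. The default path /opt/streamfwd comes from
# the page; the function names are hypothetical.
# Usage (after sourcing this file): audit_streamfwd_install /opt/streamfwd

# Print every non-symlink entry under $1 that group or other can write to.
loose_write_paths() {
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null
}

# Print regular files under $1 that carry the setuid or setgid bit.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Return 0 if the tree is clean, 1 if group/other-writable paths exist,
# 2 if the directory is missing. Setuid/setgid files are listed for review
# but do not fail the audit, since a capture binary may legitimately need them.
audit_streamfwd_install() {
    dir="${1:-/opt/streamfwd}"
    if [ ! -d "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi
    loose="$(loose_write_paths "$dir")"
    setid="$(setid_files "$dir")"
    if [ -n "$setid" ]; then
        echo "setuid/setgid files to review:"
        echo "$setid"
    fi
    if [ -n "$loose" ]; then
        echo "writable by group or other:"
        echo "$loose"
        return 1
    fi
    echo "ok: no group/other-writable paths under $dir"
    return 0
}
```

A non-zero return from audit_streamfwd_install means the directory is missing (2) or contains paths that a non-root user could modify (1).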


For detailed information on Stream forwarder configuration, see: Configure Stream forwarder in this manual.

Last modified on 08 November, 2016

This documentation applies to the following versions of Splunk Stream: 6.5.0, 6.5.1, 6.6.0, 6.6.1, 6.6.2, 7.0.0, 7.0.1, 7.1.0, 7.1.1

