Stream Easy Setup
Splunk Stream provides an Easy Setup page that can help you set up and configure data collection on local and/or remote machines.
Set up data collection on local machine
Select the Collect data from this machine using Wire Data input (Splunk_TA_stream) check box.
- If you see "Splunk_TA_stream is not properly configured," click Redetect. In most cases, this sets proper permissions for the the
streamfwdbinary to capture packets on network interfaces.
- If you still see "Splunk_TA_stream is not properly configured," follow these Steps to Troubleshoot:
- Click Check Wire Data Input. This opens the Wire Data data input page.
- Click on streamfwd to check the data input.
- Click Save to validate the input.
- Click the Splunk_TA_stream log file. Examine the search results for errors.
- If you are still unable to configure
Splunk_TA_stream, click the Learn More link. This takes you to documentation that shows how to set proper permissions for
Set up data collection on remote machines
Splunk Stream supports independent Stream forwarder installation on compatible Linux machines.
1. Check Collect data from other machines.
- If you see "HTTP Event Collector streamfwd token configuration has been enabled," then the HTTP Event Collector endpoint is configured to receive data. Proceed to step 2.
- If you see "HTTP Event Collector streamfwd token configuration has been disabled," click View Configuration. This opens the HTTP Event Collector page. Click Enable for the streamfwd input to enable the HTTP Event Collector for streamfwd data input.
2. Copy and run the provided curl script on the command line of the Linux machine where you want to install
The script installs Stream Forwarder
3. Use the
sudo service streamfwd start | stop | restart | status command to control the service.
sudo service streamfwd start
Note: Independent Stream forwarder installation is not required. You can deploy independent Stream forwarder at anytime from the Distributed Forwarder Management page in the
For detailed information on Stream forwarder configuration, see: Configure Stream forwarder in this manual.
Deploy Splunk Stream on Splunk Cloud
Configure Stream forwarder
This documentation applies to the following versions of Splunk Stream™: 7.1.2, 7.1.3, 7.2.0