Splunk Stream

Installation and Configuration Manual

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Distributed deployment installation and configuration overview

A distributed deployment for Splunk Stream includes the following components. For installation steps, see Install Splunk Stream in a distributed deployment

Component Usage
search heads splunk_app_stream and Splunk_TA_stream_wire_data are required on search heads.
indexers Splunk_TA_stream_wire_data is required on all indexers for searching and parsing.
universal forwarders Splunk_TA_stream is required on universal forwarders at the location(s) where you want to capture network data. For more information, see Network collection architectures in this manual.
heavy forwarders
  • Install Splunk_TA_stream where you want to capture network data.
  • Install Splunk_TA_stream_wire_data on your heavy forwarder wherever that index performs pipeline processing.
deployment server Use the Splunk deployment server to distribute Splunk_TA_stream to universal forwarders across a distributed deployment. When you upgrade to a new version of Splunk Stream, if the deployment server detects a new version of Splunk_TA_stream then all universal forwarders subscribed as deployment clients will pull and install the new version. For more information, see
Last modified on 03 March, 2022
PREVIOUS
Distributed deployment installation and configuration requirements
  NEXT
Install Splunk Stream in a distributed deployment

This documentation applies to the following versions of Splunk Stream: 7.3.0, 7.4.0, 8.0.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters