Splunk Stream

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk Stream. For documentation on the most recent version, go to the latest release.

Distributed deployment installation and configuration requirements

Make sure you have the following prerequisites before you install Splunk Stream.

Network Protocols

For a list of network protocols that Splunk Stream supports, see Supported Protocols in this manual.

Hardware requirements and recommendations

  • For baseline Splunk Enterprise hardware requirements, see Reference hardware in the Splunk Enterprise Capacity Planning Manual. Depending on the volume of network data that you plan to capture and index, additional resources might be required.

Supported operating systems

Splunk Stream 7.1.2 and later supports the following operating systems:

Linux

  • Linux kernel version 3.10 or later(64 bit)
  • Red Hat Enterprise Linux 7.0 or later
  • CentOS 7.0 or later
  • Ubuntu 16.04 or later

Note: Splunk Add-on for Stream Forwarder is supported on 64-bit Linux (RHEL and Ubuntu).

Default Linux kernel settings are not sufficient for high-volume packet capture. Using these settings can cause missing packets and data loss. To avoid this issue, add the following kernel settings to your /etc/sysctl.conf file: 

# increase kernel buffer sizes for reliable packet capture
net.core.rmem_default = 33554432
net.core.rmem_max = 33554432
net.core.netdev_max_backlog = 10000

Then run the following to reload the settings: 

/sbin/sysctl -p

Mac OSX

  • Mac OSX version 10.11 or later.

Windows

  • Windows Server 2012R2 or later (64-bit)

Splunk Stream supports Local System and Administrator accounts on Windows. For more information, see How the System account is used in Windows.

Splunk Enterprise version requirements

Splunk Stream version 7.3.0 is supported on Splunk Enterprise 8.0. Download Splunk Enterprise.

Supported browsers

Splunk Stream 6.2.x and later supports these browsers:

  • Chrome (latest)
  • Safari (latest)
  • Firefox (latest) (version 10.x is not supported)
  • Internet Explorer 9 or later. Internet Explorer version 9 is not supported in compatibility mode.

License requirements

Splunk Stream does not require a separate license. You can install and use Splunk Stream on Splunk Enterprise with a single Splunk Enterprise license.

Splunk Enterprise licenses are based on the amount of data stored by your Splunk indexers per day. For more information, see How Splunk licensing works in the Splunk Enterprise Admin Manual.

Targeted packet capture and file extraction requirements

To use targeted packet capture and file extraction, map your Splunk Stream deployment to a remote file server. For instructions, see Configure targeted packet capture and Configure file extraction in this manual.

Targeted packet capture and file extraction require Splunk Stream version 7.1.0 or later.

NetFlow requirements

  • NefFlow data collection requires Splunk Stream version 7.0.0 or later.
  • NetFlow Application ID field decoding requires Splunk Stream version 7.2.0 or later.
  • NetFlow event timestamp based on NetFlow record flow timestamps requires Splunk Stream version 7.2.0 or later.

To learn more about NetFlow, see Use Splunk Stream to ingest Netflow and IPFIX data.

Last modified on 03 March, 2022
Install an Independent Stream Forwarder for Splunk Cloud   Distributed deployment installation and configuration overview

This documentation applies to the following versions of Splunk Stream: 7.3.0, 7.4.0, 8.0.0

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters