Splunk Stream

Installation and Configuration Manual

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Upgrade the Splunk Add-on for Stream Forwarders

Use the Deployment server for easy and consistent implementation across all forwarders. If your Stream deployment includes additional forwarders that are not on your Deployment server or if you are not using the Deployment server, you must manually upgrade Splunk Add-on for Stream Forwarders (Splunk_TA_stream) on each forwarder.

For information about deploying apps and add-ons to search head clusters and Indexer clusters, see App deployment overview in the Splunk Enterprise Admin Manual.

Download the Splunk Add-on for Stream Forwarders at http://splunkbase.com/app/5238.

  1. Make a backup of your existing version of Splunk_TA_stream.
  2. Extract the latest version of the Splunk Add-on for Stream Forwarders (Splunk_TA_stream) over your previous version.
  3. Restart your Splunk Enterprise instance.

Splunk Stream uses the WinPcap driver to capture packets on Windows systems. Due to a flaw in the WinPcap security model, installing Stream on Windows allows all local users to use WinPcap for packet sniffing. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges. On Windows systems, Splunk Stream only supports the Admin role.

Last modified on 24 September, 2020
PREVIOUS
Install the Splunk Add-on for Stream Forwarder
  NEXT
Configure Stream forwarder

This documentation applies to the following versions of Splunk Stream: 7.3.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters