Upgrade the Splunk Add-on for Stream Forwarders
Use the Deployment server for easy and consistent implementation across all forwarders. If your Stream deployment includes additional forwarders that are not on your Deployment server, or if you are not using the Deployment server, you must manually upgrade the Splunk Add-on for Stream Forwarders (Splunk_TA_stream) on each forwarder.
For information about deploying apps and add-ons to search head clusters and indexer clusters, see App deployment overview in the Splunk Enterprise Admin Manual.
Download the Splunk Add-on for Stream Forwarders at http://splunkbase.com/app/5238.
- Make a backup of your existing version of
- Extract the latest version of the Splunk Add-on for Stream Forwarders (Splunk_TA_stream) over your previous version.
- Restart your Splunk Enterprise instance.
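The manual steps above can be scripted for a *nix forwarder. The following is an added example, not Splunk's own tooling. It assumes the add-on is installed at `$SPLUNK_HOME/etc/apps/Splunk_TA_stream` and that the downloaded package is a `.tgz` with `Splunk_TA_stream` as its only top-level directory; the function names and argument order are hypothetical.

```shell
#!/bin/sh
# Added example: back up Splunk_TA_stream, then extract the new package over it.
# Assumed layout: $SPLUNK_HOME/etc/apps/Splunk_TA_stream (not stated on the page).
APP=Splunk_TA_stream

# check_package TARBALL: succeed only if the archive is non-empty, every entry
# sits under Splunk_TA_stream/, and no entry contains a ".." path component.
check_package() {
    list=$(tar -tzf "$1") || return 1
    [ -n "$list" ] || return 1
    if printf '%s\n' "$list" | grep -Ev "^(\./)?$APP(/|\$)" >/dev/null; then return 1; fi
    if printf '%s\n' "$list" | grep -E '(^|/)\.\.(/|$)' >/dev/null; then return 1; fi
    return 0
}

# upgrade_ta SPLUNK_HOME TARBALL BACKUP_DIR: prints the backup path on success.
upgrade_ta() {
    apps="$1/etc/apps"
    [ -d "$apps/$APP" ] || { echo "no existing $APP in $apps" >&2; return 1; }
    # Validate before touching anything, so a wrong download changes nothing.
    check_package "$2" || { echo "unexpected package layout: $2" >&2; return 1; }
    mkdir -p "$3" || return 1
    backup="$3/$APP-$(date +%Y%m%d%H%M%S).tgz"
    # Step 1: back up the installed version. local/ can hold site settings,
    # so the archive is created readable by its owner only.
    ( umask 077 && tar -czf "$backup" -C "$apps" "$APP" ) || return 1
    # Step 2: extract the new version over the previous one. Existing local/
    # files survive on the assumption that the package ships no local/ directory.
    tar -xzf "$2" -C "$apps" || return 1
    echo "$backup"
}

# Usage: sh upgrade_ta.sh "$SPLUNK_HOME" /path/to/package.tgz /path/to/backups
if [ "$#" -eq 3 ]; then
    upgrade_ta "$1" "$2" "$3"
    # Step 3, run by the operator once the upgrade succeeded:
    #   "$1/bin/splunk" restart
fi
```

To roll back, extract the printed backup archive into `etc/apps` and restart again.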
Splunk Stream uses the WinPcap driver to capture packets on Windows systems. Due to a flaw in the WinPcap security model, installing Stream on Windows allows all local users to use WinPcap for packet sniffing. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges. On Windows systems, Splunk Stream only supports the Admin role.
This documentation applies to the following versions of Splunk Stream™: 7.3.0