Install Splunk Stream on a single instance deployment
In a single-instance deployment of Splunk, the same single Splunk Enterprise instance serves as both search head and indexer. All packages are installed on your single instance.
For full Splunk Stream functionality, you download and install three packages on your Splunk Enterprise instance:
- Splunk App for Stream, packaged as
splunk_app_stream
- Splunk Add-on for Stream Forwarders, packaged as
Splunk_TA_stream
- Splunk Add-on for Stream Wire Data, packaged as
Splunk_TA_stream_wire_data
Splunk Stream also provides Independent Stream Forwarders, which is is packaged as a binary file <streamfwd>
in the Splunk App for Stream package.
For more about Splunk Stream components, see Splunk Stream installation package overview in this manual.
Install the Splunk App for Stream
To deploy the Splunk App for Stream install splunk_app_stream
in $SPLUNK_HOME/etc/apps
on your Splunk Enterprise instance.
- Go to http://splunkbase.splunk.com/app/1809
- Click Download. The installation package downloads to your local host.
- Log into Splunk Web.
- Click Manage Apps > Install app from file.
- Upload the installer file.
- Restart Splunk Enterprise if prompted.
Install the Splunk Add-on for Stream Wire Data
To deploy the Splunk Add-on for Stream Wire Data install Splunk_app_stream
in $SPLUNK_HOME/etc/apps
on your Splunk Enterprise instance.
- Go to http://splunkbase.com/app/5234
- Click Download. The installation package downloads to your local host.
- Log into Splunk Web.
- Click Manage Apps > Install app from file.
- Upload the installer file.
- Restart Splunk Enterprise if prompted.
Install Splunk Add-on for Stream Forwarder on a single instance
To configure your single instance of Splunk Enterprise as a Stream forwarder, install Splunk_TA_stream
in $SPLUNK_HOME/etc/apps
on your Splunk Enterprise instance.
- Go to http://splunkbase.com/app/5238.
- Click Download. The installation package downloads to your local host.
- Log into Splunk Web.
- Click Manage Apps > Install app from file.
- Upload the installer file.
- Restart Splunk Enterprise if prompted.
Stream Easy Setup
Splunk Stream provides an Easy Setup page that can help you set up and configure data collection on your local machines for deployment on a single instance of Splunk Enterprise.
Set up data collection on the local machine
- Select the Collect data from this machine using Wire Data input check box.
- If you see the message "Splunk_TA_stream is not properly configured," click Redetect. In most cases, this sets proper permissions for the the
streamfwd
binary to capture packets on network interfaces. - If Splunk can not detect the binary and you still see the message "Splunk_TA_stream is not properly configured," try the following:
- Click Check Wire Data Input. This opens the Wire Data data input page.
- Click on streamfwd to check the data input.
- Click Save to validate the input.
- Click the Splunk_TA_stream log file. Examine the search results for errors.
- If you are still unable to configure
Splunk_TA_stream
, click the Learn More link. This takes you to documentation that shows how to set proper permissions forSplunk_TA_stream
.
Deployment requirements | Migrate Splunk Stream in a Splunk Single Instance deployment |
This documentation applies to the following versions of Splunk Stream™: 7.3.0, 7.4.0, 8.0.0
Feedback submitted, thanks!