Splunk Stream

Installation and Configuration Manual

About Splunk Stream

Splunk Stream lets you capture, filter, index, and analyze streams of network event data.

A "stream" is a grouping of events defined by a specific network protocol and set of fields. When combined with logs, metrics, and other information, the streams that you capture with Splunk Stream can provide valuable insight into activities and suspicious behavior across your network infrastructure.

Use Splunk Stream to:

  • Passively capture live streams of network event data
  • Capture metadata and full packet streams for multiple network protocols
  • Collect NetFlow protocol data
  • Apply aggregation methods for statistical analysis of event data
  • Apply filters to minimize indexer requirements
  • Extract content from strings and generate hashes
  • Extract files from network traffic
  • Monitor network trends and app performance in pre-built dashboards
  • Deploy independent Stream forwarder to capture data on remote linux machines
  • Scale rapidly and unobtrusively with no need for tagging or instrumentation

For a detailed overview of the Splunk Stream components, see the Splunk Stream installation package overview.

To get started using Splunk Stream to capture network metadata and full network packets, see Configure Streams in the Splunk Stream User Manual.

Splunk Stream components

To deploy Splunk Stream, install three Stream packages on your existing Splunk Enterprise instances and/or compatible Linux machines.

  • Splunk App for Stream, packaged as splunk_app_stream
  • Splunk Add-on for Stream Forwarders, packaged as Splunk_TA_stream
  • Splunk Add-on for Stream Wire Data, packaged as Splunk_TA_stream_wire_data

Splunk Stream also provides the ability to deploy Independent Stream forwarders. This is packaged as a binary file <streamfwd> within the Splunk App for Stream installation.

For more about Splunk Stream components, see Splunk Stream installation package overview in this manual.

Supported Splunk Software configurations

Splunk Stream supports most Splunk Software configurations:

Last modified on 03 March, 2022
  Splunk Stream installation package overview

This documentation applies to the following versions of Splunk Stream: 8.0.1, 8.0.2, 8.1.0, 8.1.1, 8.1.3

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters