Splunk Stream

Installation and Configuration Manual

Splunk Stream for Cloud deployment architecture

To deploy Splunk Stream, contact your Splunk Cloud account team to install the Splunk App for Stream on Splunk Cloud. This installation typically includes a search head and an indexer.

You can install forwarders that work with this managed configuration. Forwarders fetch Stream configuration data from the Splunk App for Stream (splunk_app_stream) which is installed on the search head in on your Managed Splunk Cloud instance. The forwarders send captured data back to the Splunk Cloud indexers.

Splunk Stream supports two types of forwarders for a Managed Cloud instance of Splunk Stream.

  • Splunk Add-on for Stream Forwarders (Splunk_TA_stream) installed on universal forwarders. The configured Stream forwarder sends data over the Splunk2Splunk Protocol. If you use a heavy forwarder to collect and parse data, also install the Add-on for Stream Wire Data (Splunk_TA_stream_wire_data) on that heavy forwarder wherever that index performs pipeline processing.
  • An Independent Stream Forwarder (ISF). These forwarders send captured data using the HTTP Event Collector (HEC) to the Splunk Cloud indexers.

The following diagram describes deployment architecture of Splunk Stream on a Managed Splunk Cloud deployment with forwarders.

Stream on cloud architecture 73.png

Last modified on 03 March, 2022
Splunk Stream on-premise deployment architecture   Determine your network data collection architecture

This documentation applies to the following versions of Splunk Stream: 8.0.1, 8.0.2, 8.1.0, 8.1.1, 8.1.3

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters