How do I enable splunk stream forwarder? (1 machin...

Christians86 · ‎08-04-2021

Setup:

Splunk enterprise is on a VM, everything works fine

1 workstation had a universal forwarder

Problem: I need them to talk to eachother on the stream part.

What I have done until now:

(Splunk VM)I have added the stream app for splunk enterprise and restartet
(Workstation)I have added the stream app manually to C:\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream
(Workstation)I have added into inputs.conf

"splunk_stream_app_location =https://192.168.1.115:8000/en-us/custom/splunk_app_stream/"
(Workstation)I have not added anything on the workstation to streamfwd

When I come to (Splunk VM) - I am lost:

What am I doing wrong?

Install of splunk stream into splunk enterprise (VM) was done with normal config, in other words I haven't changed where apps are installed, so everything is standard there.

I have tried to read: https://docs.splunk.com/Documentation/StreamApp/7.3.0/DeployStreamApp/ConfigureStreamForwarder

But I'm not getting what I'm doing wrong here.

Any suggestions please? thx

Christians86 · ‎08-14-2021

Any suggestions?

Christians86 · ‎08-15-2021

Problem solved, I hadn't installed STM (Stream app, just the add on for forwarders)

How do I enable splunk stream forwarder? (1 machine, trial version)