Splunk Stream Add-On for Stream Forwarders not connecting to search indexer with "wrong version number" error?

M00nc4t
Engager

I'm running a tiny proof-of-concept Splunk environment across 2 VMs. SE is on VM1 (Ubuntu 20.04), version 8.1.1. The universal forwarder is on VM2 (Ubuntu 20.04) and is sending the Splunk_TA_nix add-on metric data back just fine.

I have installed/configured version 7.3 of the Splunk Stream Add-On for Stream Forwarders on the universal forwarder and installed the Splunk Stream App on the SE VM, also version 7.3. 

On the forwarder there are the following conf files in /opt/splunkforwarder/etc/apps/Splunk_TA_stream/local:

----inputs.conf----
splunk_stream_app_location = https://10.0.2.15:8000/en-us/custom/splunk_app_stream/
stream_forwarder_id = 
disabled = 0
---------------------------

----streamfwd.conf----
port = 8889
ipAddr = 127.0.0.1
----------------------------

I can't get the network stream data from the forwarder into the SE search/reporting app, or the SE Stream app. The /opt/splunkforwarder/var/log/splunk/streamfwd.log is the only thing from the stream add-on on the forwarder that will place any data in SE at all and includes an error that says:

(CaptureServer.cpp:2211) stream.CaptureServer - unable to ping server (<longerrorcode>): Unable to establish connection to 10.0.2.15: wrong version number

8.1 should be compatible with the 7.3 installs of either stream app. Additionally I haven't seen anything mandating a specified version number anywhere. 

Things I have tried:

I can successfully ping SE at https://10.0.2.15:8000.

Tried modifying the .conf files in apps/default on the forwarder, which the docs say you're not supposed to do. Didn't work.

Tried all manner of switching port numbers in the .conf files.

Restarted many, many times. 

I am out of ideas. Someone please help?

kennybirdwell
Explorer

Same worked for me as well, thanks.


M00nc4t
Engager

Problem has been solved. Solution:

Modifying the inputs.conf file in /opt/splunkforwarder/etc/apps/Splunk_TA_stream/local to use HTTP...not HTTPS. 

Hope this helps someone. 
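
"wrong version number" is the OpenSSL error a TLS client raises when the peer's first bytes are not a TLS record, which is what an https:// URL gets from a port serving plain HTTP. The diagnostic below is an added example, not part of the original thread or Splunk's code; `probe_scheme` and `check_app_location` are hypothetical helper names, and it reports which scheme the port in `splunk_stream_app_location` actually speaks.

```python
import socket
import ssl
from urllib.parse import urlsplit


def probe_scheme(host, port, timeout=3.0):
    """Return (scheme, detail) where scheme is 'https', 'http' or 'unknown'."""
    # Certificate checks are off: this only asks "does the port speak TLS?".
    # It is a diagnostic probe, not a template for a production client.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "https", tls.version()
    except ssl.SSLError as exc:
        # OpenSSL reports WRONG_VERSION_NUMBER when the peer's first bytes
        # are not a TLS record, e.g. a plaintext "HTTP/1.1 400" reply.
        tls_reason = exc.reason or str(exc)
    except OSError as exc:
        return "unknown", f"TLS probe failed: {exc}"

    # TLS failed: check whether the same port answers plaintext HTTP.
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            banner = raw.recv(16)
    except OSError as exc:
        return "unknown", f"{tls_reason}; plaintext probe failed: {exc}"
    return ("http" if banner.startswith(b"HTTP/") else "unknown"), tls_reason


def check_app_location(url):
    """Compare the scheme in splunk_stream_app_location with the live port."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    actual, detail = probe_scheme(parts.hostname, port)
    return {"configured": parts.scheme, "actual": actual,
            "match": parts.scheme == actual, "detail": detail}


if __name__ == "__main__":
    # URL taken from the inputs.conf posted in the question.
    print(check_app_location(
        "https://10.0.2.15:8000/en-us/custom/splunk_app_stream/"))
```

A result of `configured: https, actual: http` means Splunk Web is serving that port without TLS. The scheme change described in the thread resolves the mismatch; enabling TLS on Splunk Web (`enableSplunkWebSSL` in web.conf) and keeping the https:// URL resolves it while keeping the forwarder's traffic to the Stream app encrypted.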
