Splunk Stream - Failed to detect Splunk_TA_stream status

alexiflo
Observer

Hello,

I am attempting to install the Splunk Stream but am running into issues after installing the necessary packages. I am installing the Stream App on a standalone Splunk instance on a VM and have tried on Ubuntu 22.04, Windows 10, Windows 2019 Server both on-premise and in AWS/Azure and am running into the exact same issue.

After installing the Splunk App for Stream, Wire Data add-on, and Stream Forwarder add-on as instructed on the link below,  when I check the 'Collect data from this machine using Wire Data input (Splunk_TA_stream)', I get the following error:  Failed to detect Splunk_TA_stream status. 

https://docs.splunk.com/Documentation/StreamApp/7.4.0/DeployStreamApp/InstallSplunkAppforStreaminasi...

Pressing 'Redetect' does not help and running the permissions.sh script does not change anything. The Splunk instance itself is a fresh install (no additional configurations) and no other Apps besides Stream and its required add-ons have been installed.

Can someone please help provide an explanation of this error I am getting and why it is happening, regardless of which OS I am using? Are there additional steps I must complete? Any guidance is appreciated.

The workflow I have done is as follows:

1. deploy VM (on-prem or cloud, I have used both Ubuntu 22.07 and Windows)

2. install Splunk Enterprise on new VM

3. install Splunk App for Stream, Wire Data add-on, and Stream Forwarder

4. Restart the Splunk instance


schmi_ma
Engager

Was this ever solved? I am currently facing the same issue. I have already spent an afternoon trying to fix the permissions but nothing seems to work.


schmi_ma
Engager

I'll just reply to myself here:

The issue was that the hostname for some reason doesn't resolve properly in the inputs.conf file. It is supposed to automatically insert the actual hostname, but it doesn't.

I created the file "$SPLUNK_HOME/etc/system/default/inputs.conf" (as it didn't exist yet) and entered the following lines (replace [HOSTNAME] with the name of your host system running Splunk):

[default]
host = [HOSTNAME]

This should override the default configuration in "$SPLUNK_HOME/etc/system/local/inputs.conf".

Afterwards, everything worked correctly.

shunmu_jan28
Engager

This one actually fixed the issue. I had been working on this for over a day without a solution.
