Solved: Re: Splunk Stream change of heavy forwarder

_daver · ‎07-21-2019

Hi

I am running Splunk Stream in a SplunkCloud environment. I have a heavy fowarder (say hf01) that has stream app installed and it communicates with the splunk fowardwarders where Stream TA is running and pushes the latest config.

I have changed the heavy forwarder that has stream app installed from hf01 to hf03. How can I let my UF's know that now check hf03 instead of hf01 for configurations?

nabeel652 · ‎07-22-2019

On all of your UF's (either manually or through config manager/deployment server) change the splunk_stream_app_location to new heavy forwarder. It should look like this:

[streamfwd://streamfwd]
splunk_stream_app_location = http://hf03:8000/en-US/custom/splunk_app_stream/
stream_forwarder_id = <Your fwdr id>
disabled = false

View solution in original post

nabeel652 · ‎07-22-2019

On all of your UF's (either manually or through config manager/deployment server) change the splunk_stream_app_location to new heavy forwarder. It should look like this:

[streamfwd://streamfwd]
splunk_stream_app_location = http://hf03:8000/en-US/custom/splunk_app_stream/
stream_forwarder_id = <Your fwdr id>
disabled = false

nabeel652 · ‎07-22-2019

BTW the location of the file would be:

[SPLUNK_HOME]/etc/apps/splunk_TA_stream/local/inputs.conf

_daver · ‎07-22-2019

Thanks @nabeel652
That worked!

Splunk Stream change of heavy forwarder

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Splunk Stream change of heavy forwarder

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!