All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Stream - initial configuration

heathramos
Path Finder
‎05-30-2025 08:06 AM

I want to use Stream to forward DNS to Splunk but I am having trouble with the initial configuration.

Info:

- running Splunk Enterprise on an onprem Windows Server. DNS servers are Windows DCs. 

- installed Stream app and add-on on Splunk Enterprise server, add-on is installed on Windows DCs

Troubleshooting:

- when I go into the Stream app, it runs the set up and I get an error: Unable to establish connection to /en-us/custom/splunk_app_stream/ping/: End of file. Note: I am able to ping splunk server from DNS server and port 8000 is open on the Splunk server firewall.

- when I go into Configure Streams, DNS is enabled

- on the DNS server, /etc/apps/Splunk_TA_stream/local/inputs.conf file contains splunk_stream_app_location = https://SPLUNK-SERVERNAME:8000/en-us/custom/splunk_app_stream/

- on the DNS server, /etc/apps/Splunk_TA_stream/default/streamsfwd.conf file contains [streamfwd]
port = 8889 ipAddr = 127.0.0.1

Labels (2)
0 Karma
Reply

Meett
Splunk Employee
Splunk Employee
‎06-10-2025 06:36 PM

Hello @heathramos , 

From the DNS Server you can find possible ERROR logs around issue by going to $SPLUNK_HOME/var/log/splunk and search for file named streamfwd.log please check the ERROR and share here so we can help you with possible things.

0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎05-30-2025 08:32 AM

Hi @heathramos 

You mentioned that you can ping the Splunk server and you are sure port 8000 is open, but please could you confirm you can reach the splunk server from DNS server by accessing https://SPLUNK-SERVERNAME:8000/en-us/custom/splunk_app_stream/ from the DNS server?

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply

heathramos
Path Finder
‎05-30-2025 08:45 AM

That URL doesn't work from the DNS server or the Splunk server

From DNS Server:

https://SPLUNK-SERVERNAME:8000/en-us/custom/splunk_app_stream/ returned a cert warning and if you click on continue, you get a 404 Not Found error page.

Tried https://SPLUNK-SERVERNAME.DOMAINNAME:8000/en-us/custom/splunk_app_stream/ but got same error

From Splunk Server:

https://SPLUNK-SERVERNAME:8000/en-us/custom/splunk_app_stream/ returned a cert warning and if you click on continue, you get a 404 Not Found error page.

https://localhost:8000/en-us/custom/splunk_app_stream/ returned a 404 Not Found error page.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...