There are multiple Stream apps in the Splunk store...

ptur · ‎01-16-2023

hello, trying to capture DNS log traffic from an Active Directory Domain Controller.

the topology is this: cloud splunk instance, heavy forwarder on my LAN and universal forwarder on the DC.

i see multiple Stream apps in the splunk store - which app goes where? There is "Splunk App for Stream" then there's "Splunk Add-on for Stream Forwarders" then there's something called "Splunk Add-on for Stream Wire Data" - can you please help?

scelikok · ‎01-17-2023

Hi @ptur,

You can find information about where to install apps below;

Splunk App for Stream (https://splunkbase.splunk.com/app/1809 Forwarder management, dashboards, calculators, and admin tools
Splunk Add-on for Stream Wire Data (https://splunkbase.splunk.com/app/5234 Knowledge objects for parsing Stream data for use by users. Installed on Indexers and Search Heads.
Splunk Add-on for Stream Forwarders (https://splunkbase.splunk.com/app/5238 Network data collection tools for capturing network data, interpreting protocols, extracting custom fields, and sending to Splunk. Installed on Splunk Universal or Heavy Forwarders.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

There are multiple Stream apps in the Splunk store, which app goes where?

installation

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms