Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

deploying stream forwarder to universal forwarders does not work

sh_tavousi
Explorer
‎03-07-2021 04:47 AM

Hi, 

I'm having issue to deploy stream forwarder to UFs by Deployment Server. I have installed stream TA in deployment app but it doesn't work and I can't see forwarders in stream forwarder. In inputs.conf I set splunk_stream_app_location with address of my stream app and also I have stream logs from my stream APP but it doesn't work on UFs.

Can anybody help me with this problem?

Thanks.

Labels (1)
Labels
Tags (1)
0 Karma
Reply

tscroggins
Influencer
‎03-07-2021 05:59 AM

@sh_tavousi 

You're likely missing step 7 under https://docs.splunk.com/Documentation/StreamApp/7.3.0/DeployStreamApp/InstallStreamForwarder#Use_the.... This section doesn't actually describe using a deployment server, but it does at least cover the installation steps necessary.

7. Set Splunk_TA_stream permissions: On Linux and OSX, run the set_permissions.sh script in the Splunk_TA_stream directory.

cd $SPLUNK_HOME/etc/apps/Splunk_TA_stream
sudo chmod +x ./set_permissions.sh
sudo ./set_permissions.sh

The deployment server can't perform this step without additional help in the form of sudo rules, wrapper scripts, run once inputs, or the use of a separate deployment tools.

0 Karma
Reply

sh_tavousi
Explorer
‎03-07-2021 10:32 PM

Hi,

I have installed stream TA on windows.

What should I do?

Thanks.

0 Karma
Reply

Vardhan
Contributor
‎03-13-2021 11:45 AM

Hi,

Install the Splunk_TA_stream in the UF and splunk_app_stream&Splunk_TA_stream in the HF. Go to the Splunk_TA_stream in the UF and config the inputs.conf as mentioned below

[streamfwd://streamfwd]

splunk_stream_app_location = https://HF_IP:8000/en-us/custom/splunk_app_stream/

disabled = 0

index = dns

And go to the Stream App in the HF and do the necessary config as mentioned in the below blog.

https://www.splunk.com/en_us/blog/tips-and-tricks/installing-and-managing-splunk-stream-in-a-distrib...

0 Karma
Reply

tscroggins
Influencer
‎03-13-2021 11:20 AM

@sh_tavousi 

Did you read and follow https://wiki.wireshark.org/CaptureSetup/CapturePrivileges? Do other WinPcap clients, e.g. Wireshark, work correctly?

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...