Splunk Data Stream Processor
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Stream on single instance deployment (Linux) in a Windows environment

adamsmith47
Communicator
‎09-28-2021 02:10 PM

We have a very small test enviroment, with a single instance Splunk server (running on Linux) and a handful of Windows servers with UFs installed.

I'm attempting to use Splunk Stream to monitor NIC traffic on the Windows UFs. Following the Splunk Stream docs precisely is confusing (and in many cases just wrong). https://docs.splunk.com/Documentation/StreamApp/7.4.0/DeployStreamApp/AboutSplunkStream

I'm at the point I want to use the Splunk server's deployment server functionality to distribute the Splunk_TA_stream to the Windows UFs, but I'm confused on how to properly configure the Splunk_TA_stream app before deploying it. (Docs say, Splunk_TA_stream will be installed in SPLUNK_HOME/etc/deployment-apps preconfigured... this is certainly not true in my case.)

I'm at a loss of how to configure Splunk_TA_stream before deploying it (via deployment server) to the Windows UFs.

Any insight is greatly appreciated.

Thanks

Labels (2)
Labels
0 Karma
Reply

devinmarco
New Member
‎07-04-2023 10:21 PM

Yes, Splunk Stream can be deployed on a single instance in a Windows environment. However, as you mentioned, there are some limitations to this deployment method.

One limitation is that you will not be able to use the Splunk Stream Universal Forwarder (UF) in a Windows environment. The UF is a Linux-only application that is used to collect data from Windows servers and send it to Splunk Stream. If you are deploying Splunk Stream on a single instance in a Windows environment, you will need to use the Splunk Stream Forwarder instead. The Splunk Stream Forwarder is a Windows-based application that can be used to collect data from Windows servers and send it to Splunk Stream.

Another limitation to deploying Splunk Stream on a single instance in a Windows environment is that you will not be able to take advantage of the Splunk Stream clustering feature. Clustering allows you to scale Splunk Stream by distributing the load across multiple Splunk Stream servers. If you are deploying Splunk Stream on a single instance in a Windows environment, you will not be able to take advantage of this feature.

Despite these limitations, deploying Splunk Stream on a single instance in a Windows environment can be a viable option for small deployments. If you are only collecting data from a few Windows servers, then the Splunk Stream Forwarder may be sufficient for your needs. Additionally, if you do not need to scale Splunk Stream, then you may not need to use the clustering feature.

Ultimately, the decision of whether or not to deploy Splunk Stream on a single instance in a Windows environment depends on your specific needs. If you are unsure of whether or not this deployment method is right for you, then I recommend that you contact Splunk support for assistance.

 
 
 
0 Karma
Reply
Get Updates on the Splunk Community!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...
Top