We have a very small test enviroment, with a single instance Splunk server (running on Linux) and a handful of Windows servers with UFs installed.
I'm attempting to use Splunk Stream to monitor NIC traffic on the Windows UFs. Following the Splunk Stream docs precisely is confusing (and in many cases just wrong). https://docs.splunk.com/Documentation/StreamApp/7.4.0/DeployStreamApp/AboutSplunkStream
I'm at the point I want to use the Splunk server's deployment server functionality to distribute the Splunk_TA_stream to the Windows UFs, but I'm confused on how to properly configure the Splunk_TA_stream app before deploying it. (Docs say, Splunk_TA_stream will be installed in SPLUNK_HOME/etc/deployment-apps preconfigured... this is certainly not true in my case.)
I'm at a loss of how to configure Splunk_TA_stream before deploying it (via deployment server) to the Windows UFs.
Any insight is greatly appreciated.
Thanks