Join the Conversation
- Find Answers
- :
- Splunk Products
- :
- Splunk Data Stream Processor
- :
- Re: Splunk Stream on single instance deployment (L...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk Stream on single instance deployment (Linux) in a Windows environment
We have a very small test enviroment, with a single instance Splunk server (running on Linux) and a handful of Windows servers with UFs installed.
I'm attempting to use Splunk Stream to monitor NIC traffic on the Windows UFs. Following the Splunk Stream docs precisely is confusing (and in many cases just wrong). https://docs.splunk.com/Documentation/StreamApp/7.4.0/DeployStreamApp/AboutSplunkStream
I'm at the point I want to use the Splunk server's deployment server functionality to distribute the Splunk_TA_stream to the Windows UFs, but I'm confused on how to properly configure the Splunk_TA_stream app before deploying it. (Docs say, Splunk_TA_stream will be installed in SPLUNK_HOME/etc/deployment-apps preconfigured... this is certainly not true in my case.)
I'm at a loss of how to configure Splunk_TA_stream before deploying it (via deployment server) to the Windows UFs.
Any insight is greatly appreciated.
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, Splunk Stream can be deployed on a single instance in a Windows environment. However, as you mentioned, there are some limitations to this deployment method.
One limitation is that you will not be able to use the Splunk Stream Universal Forwarder (UF) in a Windows environment. The UF is a Linux-only application that is used to collect data from Windows servers and send it to Splunk Stream. If you are deploying Splunk Stream on a single instance in a Windows environment, you will need to use the Splunk Stream Forwarder instead. The Splunk Stream Forwarder is a Windows-based application that can be used to collect data from Windows servers and send it to Splunk Stream.
Another limitation to deploying Splunk Stream on a single instance in a Windows environment is that you will not be able to take advantage of the Splunk Stream clustering feature. Clustering allows you to scale Splunk Stream by distributing the load across multiple Splunk Stream servers. If you are deploying Splunk Stream on a single instance in a Windows environment, you will not be able to take advantage of this feature.
Despite these limitations, deploying Splunk Stream on a single instance in a Windows environment can be a viable option for small deployments. If you are only collecting data from a few Windows servers, then the Splunk Stream Forwarder may be sufficient for your needs. Additionally, if you do not need to scale Splunk Stream, then you may not need to use the clustering feature.
Ultimately, the decision of whether or not to deploy Splunk Stream on a single instance in a Windows environment depends on your specific needs. If you are unsure of whether or not this deployment method is right for you, then I recommend that you contact Splunk support for assistance.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
