Stream Forwarder never comes online
Hi All,
Deployment: Single Instance Splunk Enterprise
What I want: install the Splunk_TA_stream on my universal forwarder to capture DNS traffic as stream
The docs I followed:
- https://docs.splunk.com/Documentation/StreamApp/8.1.3/DeployStreamApp/Deploymentrequirements
- https://lantern.splunk.com/Data_Descriptors/DNS_data/Installing_and_configuring_Splunk_Stream
The App and add-on are already installed
The Splunk_TA_stream has been deployed to the UF:
But I found that the streamfwd.exe is not running. Also I don't see the UF in the dashboard:
(only the splunk single instance itself is present, and it is even in Error Status)
Any insights for me to discover what went wrong?
Thank you in advance.
Does anyone have an idea on this?
Thanks in advance.
Hi @Footoasis0868,
Can you confirm if your Splunk instance GUI access is HTTPS enabled? If not, your splunk_stream_app_location setting on the UF must be http://xxxxx:8000/en-us/custom/splunk_app_stream/
Regarding the error state of your Splunk instance itself, please confirm you have run set_permissions.sh to be able to start streamfwd.exe.
Hi @scelikok ,
Thanks. I checked the URL, and it is an error page and I can't locate the requestid from the splunk internal logs.
Regarding set_permissions.sh, yes, I have run it as root on my Splunk instance. Just to make it clear, I don't need to run a similar script on the Windows server where I deployed the Splunk_TA_Stream app, correct?
Thanks again.