The Splunk Add-on for Stream Forwarders (Splunk_TA_stream) contains all of the components necessary for capturing network data, interpreting protocols, extracting custom fields and sending to Splunk. Installed on Splunk Universal or Heavy Forwarders.
The Splunk Add-on for Stream is installed on Splunk Universal or Heavy Forwarders or wherever network data collection is required.
Before the 7.3 release this package was shipped with the Splunk App for Stream. AS of 7.3 this app has been broken into the following packages:
Splunk App for Stream (https://splunkbase.splunk.com/app/1809): Forwarder management, dashboards, calculators and admin tools
Splunk Add-on for Stream Wire Data (https://splunkbase.splunk.com/app/5234): Knowledge objects for parsing Stream data for use by users. Installed on Indexers and Search Heads.
Splunk Add-on for Stream Forwarders (https://splunkbase.splunk.com/app/5238): Network data collection tools for capturing network data, interpreting protocols, extracting custom fields and sending to Splunk. Installed on Splunk Universal or Heavy Forwarders (or wherever network data collection is required).
Please see migration steps for moving from 7.2 to 7.3 in the Stream doumentation to prepare for this migraiton:
For first time installs follow the Stream installation docs:
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.