Splunk Stream installation package overview

As of Splunk Stream version 7.3, Splunk Stream is organized as three packages that must each be downloaded and installed.

Product name Installation package name Installed file name Description
Splunk App for Stream splunk_app_stream splunk_app_stream/ When you install this package on your search heads, it provides:
  • the configuration user interface
  • container dashboards and dashboards for analysis of network events and flow data
  • filters for fine-tuning data capture
Splunk Add-on for Stream Forwarders Splunk_TA_stream Splunk_TA_stream/ You install this package on your Splunk forwarders and use it to extend the universal forwarders. You deploy it to search heads and indexers to collect local traffic. When you install a Stream forwarder on the same server as the Splunk App for Stream, you can upload PCAP data from the User Interface.
Splunk Add-on for Stream Wire Data Splunk_TA_stream_wire_data Splunk_TA_stream_wire_data/ When you install this package on your search heads it provides all the knowledge objects required at search and indexing time. In a distributed deployment the package can be deployed on search heads and indexers, and if present in your configuration, heavy forwarders.