Install the Splunk Add-on for Stream Forwarder

Use the deployment server to push the Splunk Add-on for Stream Forwarder to all of your forwarders. You can also install the Splunk Add-on for Stream Forwarder on individual forwarders.

To install an independent Stream Forwarder, see Install the Independent Stream Forwarder.

If you want to upgrade a forwarder to 7.3 or later, see Migrate Splunk Stream in a distributed deployment.

To configure your forwarders, see Configure your Splunk Stream forwarders.

Use the deployment server to distribute Splunk Add-on for Stream Forwarders to universal forwarders

  1. Go to http://splunkbase.com/app/5238.
  2. Click Download. The Splunk_TA_stream_<latest_version>.tgz installation package downloads to your local host.
  3. Log into Splunk Web.
  4. Click Manage Apps > Install app from file.
  5. Upload the Splunk_TA_stream_<latest_version>.tgz installer file.
  6. Restart Splunk Enterprise, if prompted. This installs the Splunk_TA_stream in the $SPLUNK_HOME/etc/apps directory. This is a pre-configured copy of Splunk_TA_stream that you can deploy to universal forwarders using the deployment server.
  7. Set Splunk_TA_stream permissions: On Linux and OSX, run the set_permissions.sh script in the Splunk_TA_stream directory.
    cd $SPLUNK_HOME/etc/apps/Splunk_TA_stream
    sudo chmod +x ./set_permissions.sh
    sudo ./set_permissions.sh

To configure your forwarders, see Configure your Splunk Stream forwarders.

Manually install the Splunk Add-on for Stream Forwarders on Splunk forwarders

To collect network data from one or more forwarders without using a deployment server, manually install Splunk_TA_stream on each forwarder.

  1. Go to http://splunkbase.com/app/5238 and download the latest installation package to $SPLUNK_HOME/etc/apps on the Universal Forwarder.
  2. Untar the package to $SPLUNK_HOME/etc/apps.
  3. Verify that Splunk_TA_stream/local/inputs.conf specifies the correct location of splunk_app_stream.
    [streamfwd://streamfwd]
    splunk_stream_app_location = https://localhost:8000/en-us/custom/splunk_app_stream/
    stream_forwarder_id =
    disabled = 0

  4. Verify that Splunk_TA_stream/local/streamfwd.conf is configured to collect data from the network interface. By default, streamfwd.conf collects data from all network interfaces.
  5. Set Splunk_TA_stream permissions: On Linux and OSX, run the set_permissions.sh script in the Splunk_TA_stream directory.
    cd $SPLUNK_HOME/etc/apps/Splunk_TA_stream
    sudo chmod +x ./set_permissions.sh
    sudo ./set_permissions.sh
  6. Restart Splunk Enterprise.
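
The verification in step 3 of the manual install can be scripted before the restart. The following is an added example, not part of the original page or Splunk's own tooling: the function names `streamfwd_setting` and `check_streamfwd_inputs` are hypothetical, and the rules it enforces (an https location ending in /custom/splunk_app_stream/, and disabled = 0) are assumptions taken from the sample stanza above.

```shell
# Added example (not Splunk's code): check the [streamfwd://streamfwd] stanza
# of Splunk_TA_stream/local/inputs.conf before restarting the forwarder.

# Print the value of KEY in the [streamfwd://streamfwd] stanza of FILE.
streamfwd_setting() {  # usage: streamfwd_setting FILE KEY
    awk -v key="$2" '
        /^[ \t]*\[/ { in_stanza = ($0 ~ /^[ \t]*\[streamfwd:\/\/streamfwd\][ \t]*$/); next }
        in_stanza && /^[ \t]*[^#;=]+=/ {
            k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
            v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# Return 0 only if the stanza matches the sample in step 3. Assumed policy of
# this example: https location ending in /custom/splunk_app_stream/, disabled = 0.
check_streamfwd_inputs() {  # usage: check_streamfwd_inputs FILE
    rc=0
    if loc=$(streamfwd_setting "$1" splunk_stream_app_location) && [ -n "$loc" ]; then
        case "$loc" in
            https://*/custom/splunk_app_stream/) echo "ok: location $loc" ;;
            *) echo "FAIL: location not https or wrong path: $loc"; rc=1 ;;
        esac
        case "$loc" in
            *://localhost[:/]*) echo "note: correct only if splunk_app_stream runs on this host" ;;
        esac
    else
        echo "FAIL: splunk_stream_app_location missing from [streamfwd://streamfwd]"; rc=1
    fi
    if [ "$(streamfwd_setting "$1" disabled)" = "0" ]; then
        echo "ok: disabled = 0"
    else
        echo "FAIL: expected disabled = 0"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring the stanza shown in step 3.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[streamfwd://streamfwd]
splunk_stream_app_location = https://localhost:8000/en-us/custom/splunk_app_stream/
stream_forwarder_id =
disabled = 0
EOF
check_streamfwd_inputs "$sample"
rm -f "$sample"
```

On a forwarder, point the check at `$SPLUNK_HOME/etc/apps/Splunk_TA_stream/local/inputs.conf` and restart only when it returns 0.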