Distributed deployment installation and configuration overview

A distributed deployment for Splunk Stream includes the following components. For installation steps, see Install Splunk Stream in a distributed deployment


Component	Usage
search heads	`splunk_app_stream` and `Splunk_TA_stream_wire_data` are required on search heads.
indexers	`Splunk_TA_stream_wire_data` is required on all indexers for searching and parsing.
universal forwarders	`Splunk_TA_stream` is required on universal forwarders at the location(s) where you want to capture network data. For more information, see Network collection architectures in this manual.
heavy forwarders	Install `Splunk_TA_stream` where you want to capture network data. Install `Splunk_TA_stream_wire_data` on your heavy forwarder wherever that index performs pipeline processing.
deployment server	Use the Splunk deployment server to distribute `Splunk_TA_stream` to universal forwarders across a distributed deployment. When you upgrade to a new version of Splunk Stream, if the deployment server detects a new version of `Splunk_TA_stream` then all universal forwarders subscribed as deployment clients will pull and install the new version. For more information, see Deployment server provisioning in Upgrading Splunk Enterprise Instances. and Components of a Splunk Enterprise deployment in the Splunk Enterprise Capacity Planning Manual.

Documentation