All Apps and Add-ons

Splunk Stream - Failed to detect Splunk_TA_stream status

alexiflo
Observer

Hello,

I am attempting to install the Splunk Stream but am running into issues after installing the necessary packages. I am installing the Stream App on a standalone Splunk instance on a VM and have tried on Ubuntu 22.04, Windows 10, Windows 2019 Server both on-premise and in AWS/Azure and am running to the exact same issue. 

After installing the Splunk App for Stream, Wire Data add-on, and Stream Forwarder add-on as instructed on the link below,  when I check the 'Collect data from this machine using Wire Data input (Splunk_TA_stream)', I get the following error:  Failed to detect Splunk_TA_stream status. 

https://docs.splunk.com/Documentation/StreamApp/7.4.0/DeployStreamApp/InstallSplunkAppforStreaminasi...

Pressing 'Redetect' does not help and running the permissions.sh script does not change anything. The Splunk instance itself is a fresh install (no additional configurations) and no other Apps besides Stream and its required add-ons have been installed.

Can someone please hep provide an explanation to this error code I am getting and why it is happened, regardless of which OS I am using? Is there additional steps I must complete? Any guidance is appreciated.

The workflow I have done is as follows:

1. deploy VM (on-prem or cloud, I have used both Ubuntu 22.07 and Windows)

2. install Splunk Enterprise on new VM

3. install Splunk App for Stream, Wire Data add-on, and Stream Forwarder

4. Restart the Splunk instance

Splunk_TA_stream.png

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...