topic Limitations for Splunk Cloud outgoing traffic in Security https://community.splunk.com/t5/Security/Limitations-for-Splunk-Cloud-outgoing-traffic/m-p/389500#M9512 <P>We will be using a Splunk app (<A href="https://splunkbase.splunk.com/app/4422/">https://splunkbase.splunk.com/app/4422/</A> disclaimer: we made this app) to send out alerts from Splunk Cloud instances.</P> <OL> <LI>Is the free Splunk cloud trial limited somehow in outgoing traffic? </LI> <LI>Is there any difference with a non-trial version? </LI> <LI>Is there any settings/rules that we should do to allow this traffic?</LI> <LI>From which component would the traffic go out? This is useful for us to whitelist this traffic.</LI> </OL> Wed, 03 Apr 2019 12:30:21 GMT cfcsolutions 2019-04-03T12:30:21Z Limitations for Splunk Cloud outgoing traffic https://community.splunk.com/t5/Security/Limitations-for-Splunk-Cloud-outgoing-traffic/m-p/389500#M9512 <P>We will be using a Splunk app (<A href="https://splunkbase.splunk.com/app/4422/">https://splunkbase.splunk.com/app/4422/</A> disclaimer: we made this app) to send out alerts from Splunk Cloud instances.</P> <OL> <LI>Is the free Splunk cloud trial limited somehow in outgoing traffic? </LI> <LI>Is there any difference with a non-trial version? </LI> <LI>Is there any settings/rules that we should do to allow this traffic?</LI> <LI>From which component would the traffic go out? This is useful for us to whitelist this traffic.</LI> </OL> Wed, 03 Apr 2019 12:30:21 GMT https://community.splunk.com/t5/Security/Limitations-for-Splunk-Cloud-outgoing-traffic/m-p/389500#M9512 cfcsolutions 2019-04-03T12:30:21Z Re: Limitations for Splunk Cloud outgoing traffic https://community.splunk.com/t5/Security/Limitations-for-Splunk-Cloud-outgoing-traffic/m-p/389501#M9513 <OL> <LI>Same as licensed Splunk Cloud, 5% of daily ingest for optimal performance, check out the FAQ for more details too, <A href="https://docs.splunk.com/Documentation/SplunkCloud/latest/FAQs/FAQs#Splunk_Cloud_Free_Trial_FAQ">https://docs.splunk.com/Documentation/SplunkCloud/latest/FAQs/FAQs#Splunk_Cloud_Free_Trial_FAQ</A></LI> <LI>Assuming your alerts app alerting on search results like other alerts, then the recommended search results egress through API or even gui again is no more than 5% of ingested data, check also Splunk Cloud service description <A href="https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice">https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice</A></LI> <LI>You may have to submit a Support request to open the API port on your Splunk Cloud stack</LI> <LI>Ensure SSL - TCP 443 and API - TCP 8089 are allowed at your end, and yes you could request whitelist via a Support ticket too</LI> </OL> Wed, 03 Apr 2019 16:51:31 GMT https://community.splunk.com/t5/Security/Limitations-for-Splunk-Cloud-outgoing-traffic/m-p/389501#M9513 felsherif_splun 2019-04-03T16:51:31Z