
I am a Splunk Cloud customer. What is hybrid search and when might it be useful for me?

Splunk Employee

What is hybrid search?
What is it used for?
How do I set it up?

1 Solution

Splunk Employee

Hybrid search is the use of an on-prem search head to look at data stored in Splunk Cloud.
It can be used for a variety of purposes; the most common are:

* Using custom scripts that are not approved for Splunk Cloud
* Using custom inputs not approved for Splunk Cloud
* Using custom authentication options (2factor, unsupported SSO providers)
* Using apps that are not approved for Splunk Cloud (DB Connect, Cisco Security Suite, etc.)

In order to set up hybrid search, you must meet the following requirements:

* You are a Splunk Cloud stackmaker customer. Customers of single instance (rainmaker) do not have this option.
* Your on-prem search head is *at least* the same version as your Splunk Cloud instance.

To get started, please open a support ticket. In order to speed up the process, please provide the following information:

* The public IP address of your on-prem search head(s)
* The Splunk version of your on-prem search head(s)

In return, Support will provide you with a set of configurations to apply to your search head.
