I am a Splunk Cloud customer. What is hybrid search and when might it be useful for me?

lagnone_splunk
Splunk Employee

What is hybrid search?
What is it used for?
How do I set it up?

1 Solution

lagnone_splunk
Splunk Employee

Hybrid search is the use of an on-prem search head to look at data stored in Splunk Cloud.
It can be used for a variety of purposes; the most common are:

* Using custom scripts that are not approved for Splunk Cloud
* Using custom inputs not approved for Splunk Cloud
* Using custom authentication options (2factor, unsupported SSO providers)
* Using apps that are not approved for Splunk Cloud (DB Connect, Cisco Security Suite, etc.)

In order to set up hybrid search, you must meet the following requirements:

* You are a Splunk Cloud stackmaker customer. Customers of single instance (rainmaker) do not have this option.
* Your on-prem search head is *at least* the same version as your Splunk Cloud instance

To get started, please open a support ticket. In order to speed up the process, please provide the following information:

* The public IP address of your on-prem search head(s)
* The Splunk version of your on-prem search head(s)

In return, Support will provide you with a set of configurations to apply to your search head.


