Deployment Architecture

What certificates are used for hybrid search communication between an on-premise search head and Splunk Cloud clustered indexers and master node?

pj
Contributor

Per the Splunk Cloud documentation, it is possible to have a Hybrid Search model where an on-premise Search Head essentially connects to the Master Node in the Cloud, which then allows the Cloud Indexers to be searched from the on-premise Search Head. In order to facilitate this, it seems that the URI of the Master Node would be required and also the Cloud Indexer clustering configuration key. However, how does this work on the internal certificate side for communication?

I am assuming the SH would communicate with the MN over port 8089. Are certificates provided to facilitate this communication or is only the Splunk default certificate being used?

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

Communication is secured using the pass4symmkey. (Shared Secret). You should file a ticket asking asking for Hybrid search to be setup, then support will send your the URI to your c0m1 (clustermaster) and a secret key.

Note: Hybrid search must be requested as its not setup by default. Also, you should provide a whitelist of IPs for your on-prem searchheads.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...