Deployment Architecture

What certificates are used for hybrid search communication between an on-premise search head and Splunk Cloud clustered indexers and master node?

pj
Contributor

Per the Splunk Cloud documentation, it is possible to have a Hybrid Search model where an on-premise Search Head essentially connects to the Master Node in the Cloud, which then allows the Cloud Indexers to be searched from the on-premise Search Head. In order to facilitate this, it seems that the URI of the Master Node would be required and also the Cloud Indexer clustering configuration key. However, how does this work on the internal certificate side for communication?

I am assuming the SH would communicate with the MN over port 8089. Are certificates provided to facilitate this communication or is only the Splunk default certificate being used?

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

Communication is secured using the pass4symmkey. (Shared Secret). You should file a ticket asking asking for Hybrid search to be setup, then support will send your the URI to your c0m1 (clustermaster) and a secret key.

Note: Hybrid search must be requested as its not setup by default. Also, you should provide a whitelist of IPs for your on-prem searchheads.

0 Karma
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...