Deployment Architecture

What certificates are used for hybrid search communication between an on-premise search head and Splunk Cloud clustered indexers and master node?

pj
Contributor

Per the Splunk Cloud documentation, it is possible to have a Hybrid Search model where an on-premise Search Head essentially connects to the Master Node in the Cloud, which then allows the Cloud Indexers to be searched from the on-premise Search Head. In order to facilitate this, it seems that the URI of the Master Node would be required and also the Cloud Indexer clustering configuration key. However, how does this work on the internal certificate side for communication?

I am assuming the SH would communicate with the MN over port 8089. Are certificates provided to facilitate this communication or is only the Splunk default certificate being used?

0 Karma

khourihan_splun
Splunk Employee
Splunk Employee

Communication is secured using the pass4symmkey. (Shared Secret). You should file a ticket asking asking for Hybrid search to be setup, then support will send your the URI to your c0m1 (clustermaster) and a secret key.

Note: Hybrid search must be requested as its not setup by default. Also, you should provide a whitelist of IPs for your on-prem searchheads.

0 Karma
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...