Deployment Architecture

What communication between dashboard and Infrastructure

Wim
New Member

Hi,


I'm new to Splunk, but I need some answers pretty fast. We are invited to insource infrastructure monitoring and control from a highly secure environment. As we are outside the customer's domain, obviously the dashboard runs on servers outside the customer's infrastructure. Of course there needs to be communication between agents running in the infrastructure and the dashboard to upload events and monitoring data.

However, it is absolutely a requirement from the customer that there is NO traffic from the dashboard to the agents on his infrastructure. Upload of data is no problem, but any packet downstream will be blocked. Even "keep alive" traffic.

Does anyone have the experience to give me an answer on this?


Thanks,

Wim

0 Karma

PickleRick
SplunkTrust

It depends on what level you're considering the traffic.

You can have your UFs just pushing data to the HFs/indexers outside of the "secure" environment so that all connections are initiated from within that environment towards outside. But these are still TCP connections, so packets go both ways.

If you want to have a "diode" between the environments you'd have to employ some form of stateless connectionless event forwarding. What fulfills those requirements? Some UDP-based protocol. Of course the obvious choice here is syslog over UDP.

You're of course limited by the packet size, but that's pretty much the only reasonable choice that you have if you want to have purely "outwards only" communication.

0 Karma
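As an added example (not from the original thread and not Splunk's own documentation), here is how the two options PickleRick describes look in forwarder configuration. Hostnames, ports, group names and certificate paths are placeholders I made up. The first stanza set is for a universal forwarder inside the customer's environment that opens the TCP connection outward to the indexers; the second is for a heavy forwarder that emits UDP syslog toward a collector outside the boundary, which is the only mode that needs no return traffic at all.

```ini
# outputs.conf on the forwarder inside the customer's environment.
#
# Option 1: TCP to indexers outside the boundary.
# The forwarder opens the connection, but TCP still needs the return half
# of the stream (SYN-ACK, ACKs, TLS handshake records), so the customer's
# firewall must permit "established" return packets. This is
# "initiated from inside", not one-way.
[tcpout]
defaultGroup = outside_indexers

[tcpout:outside_indexers]
server = indexer1.msp.example:9997, indexer2.msp.example:9997
# Mutual TLS so the outside indexers only accept data from known forwarders.
# The CA used to verify the indexer certificate is configured in server.conf
# under [sslConfig] sslRootCAPath (assumed to be set during provisioning).
clientCert = $SPLUNK_HOME/etc/auth/client_certs/forwarder.pem
sslPassword = <password-for-forwarder.pem>
sslVerifyServerCert = true
useACK = true

# Option 2: connectionless UDP syslog toward a collector outside the boundary.
# Requires a heavy forwarder; the universal forwarder cannot produce syslog
# output. Nothing ever comes back, and the price is no acknowledgement and a
# per-datagram size cap.
[syslog]
defaultGroup = diode_collector

[syslog:diode_collector]
server = collector.msp.example:514
type = udp
priority = <13>
# Events longer than this are truncated; keep it below the path MTU so a
# datagram is never fragmented (fragments are easy to lose on a one-way link).
maxEventSize = 1024

# props.conf on the heavy forwarder: route every event to the syslog group.
[host::*]
TRANSFORMS-to_diode = route_to_diode

# transforms.conf on the heavy forwarder.
[route_to_diode]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = diode_collector
```

To show the customer which option actually meets the "no downstream packets" rule, capture at the boundary while the forwarder is sending. With the syslog route you should see only outbound UDP datagrams to port 514 and no packets at all addressed to the forwarder; with the TCP route you will see the indexer's ACKs and TLS records flowing back, which is exactly the traffic the customer says will be blocked.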

vhharanpositka
Path Finder

Hi @Wim 


The dashboard will run the search on the indexer, that is, on the data transferred to the Splunk indexer from the agent.

But there will be some data transfer from Splunk Enterprise to the agent (UF). There will be some instructions sent from Splunk to the agent via port 8089.

Apart from this, there will not be any downstream packet transfer between these two.


Regards,

0 Karma

fviperen
New Member

Hi, is it possible to deploy a Splunk On-Call distribution in our own environment?

0 Karma