Activity Feed
- Posted How to design Splunk Enterprise in AWS using Privatelink on Splunk Dev. 04-20-2022 01:00 PM
We have merged with another company that has a Splunk cluster in AWS. They would like to extend services to other environments in AWS. Instead of routing to the other environments by connecting the Splunk VPC to the other VPCs using transit gateways, I would like to put the indexers behind a network load balancer and use AWS PrivateLink.
PrivateLink requires putting an NLB [network load balancer] in front of the cluster and configuring them as targets. The receiver builds an endpoint service in the VPC that assigns a local address that can be hit without routing. The DNS name for the service must be made to resolve to the local address by creating a hosted zone in Route 53. So, for example, if the local VPC of the log sender is 10.1.1.0/24 and the name is splunk.cluster.com, PrivateLink will use an IP address in the 10.1.1.0/24 range and splunk.cluster.com will resolve to that IP address.
I have read that you must be able to resolve multiple IP addresses for that name. I have asked my AWS representative to investigate if this would work, and he told me that other users are designing access this way. There are 5 indexers spread across 3 availability zones. The domain controllers that want to send the logs will be using UF to send the logs. The advantage of using PrivateLink is that we can provide access to Splunk across different VPCs and organizations without having to open up CIDR block access and filtering access with Security Groups and NACLs.
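A Terraform sketch of the design described in the post, added here as an illustration and not taken from the poster or from Splunk. All variable and resource names are hypothetical, port 9997 (Splunk's conventional forwarder receiving port) is an assumption, and both sides are shown in one configuration for brevity, whereas a cross-account setup would split them across two providers.

```hcl
variable "splunk_nlb_arn" { type = string }          # NLB with the indexers as targets
variable "sender_vpc_id" { type = string }           # log sender VPC (10.1.1.0/24 in the post)
variable "sender_subnet_ids" { type = list(string) } # one subnet per availability zone
variable "sender_principal_arn" { type = string }    # IAM principal allowed to connect

# Splunk side: publish the NLB as a PrivateLink endpoint service.
resource "aws_vpc_endpoint_service" "splunk" {
  network_load_balancer_arns = [var.splunk_nlb_arn]
  allowed_principals         = [var.sender_principal_arn] # only this principal may connect
  acceptance_required        = false                      # set true to approve each connection by hand
}

# Sender side: limit who inside the VPC can reach the endpoint interfaces.
resource "aws_security_group" "splunk_endpoint" {
  name   = "splunk-privatelink-endpoint"
  vpc_id = var.sender_vpc_id
  ingress {
    description = "Universal Forwarders to indexers (assumed port)"
    from_port   = 9997
    to_port     = 9997
    protocol    = "tcp"
    cidr_blocks = ["10.1.1.0/24"]
  }
}

# Sender side: interface endpoint, one network interface (local IP) per subnet.
resource "aws_vpc_endpoint" "splunk" {
  vpc_id             = var.sender_vpc_id
  service_name       = aws_vpc_endpoint_service.splunk.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.sender_subnet_ids
  security_group_ids = [aws_security_group.splunk_endpoint.id]
}

# Private hosted zone for the single name only, so the rest of
# cluster.com still resolves normally inside the sender VPC.
resource "aws_route53_zone" "splunk" {
  name = "splunk.cluster.com"
  vpc { vpc_id = var.sender_vpc_id }
}

# Alias the name to the endpoint's first DNS entry (the regional name).
resource "aws_route53_record" "splunk" {
  zone_id = aws_route53_zone.splunk.zone_id
  name    = "splunk.cluster.com"
  type    = "A"
  alias {
    name                   = aws_vpc_endpoint.splunk.dns_entry[0].dns_name
    zone_id                = aws_vpc_endpoint.splunk.dns_entry[0].hosted_zone_id
    evaluate_target_health = false
  }
}
```

After applying, resolving splunk.cluster.com from a host in the sender VPC should return only addresses inside that VPC's own subnets.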