
I am a Splunk Cloud customer. What is hybrid search and when might it be useful for me?

lagnone_splunk
Splunk Employee

What is hybrid search?
What is it used for?
How do I set it up?

1 Solution

lagnone_splunk
Splunk Employee

Hybrid search is the use of an on-prem search head to look at data stored in Splunk Cloud.
It can be used for a variety of purposes; the most common are:

* Using custom scripts that are not approved for Splunk Cloud.
* Using custom inputs not approved for Splunk Cloud.
* Using custom authentication options (two-factor, unsupported SSO providers).
* Using apps that are not approved for Splunk Cloud (DB Connect, Cisco Security Suite, etc.).

In order to set up hybrid search, you must meet the following requirements:

* You are a Splunk Cloud stackmaker customer. Customers of single instance (rainmaker) do not have this option.
* Your on-prem search head is *at least* the same version as your Splunk Cloud instance.

To get started, please open a support ticket. In order to speed up the process, please provide the following information:

* The public IP address of your on-prem search head(s).
* The Splunk version of your on-prem search head(s).

In return, Support will provide you with a set of configurations to apply to your search head.

