Forwarding to Splunk Light Cloud behind corporate firewalls

danzemmels
New Member

I'm trying to configure having Splunk Light (free test drive version) push to the Splunk Cloud Service from our Red Hat Linux box. This is all behind hefty corporate firewalls. I'm told I have a few options, but I need more information first.

1) Get fixed IP addresses for Splunk cloud services so we can open an IP address (or IP range) through the firewall for pushing up the data
2) Use Bluecoat proxy to filter by URL and forward. Or by IP address.

Can I get Splunk owned IP addresses?
Is the temp test-drive version of Splunk Cloud going to be a fixed address?

Recommendations are appreciated.
Thx

0 Karma

msivill_splunk
Splunk Employee

Have you explored the universal forwarder setup from within Splunk Cloud? If you look at this app in Splunk Cloud and then choose "Download Universal Forwarder Credentials", you will get the required config details (after unzipping the .spl file as a tar.gz) for sending data over the internet, which you can feed back to the firewall/Bluecoat folks.

0 Karma
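One way to pull the destination host:port list out of the downloaded credentials package for the firewall/Bluecoat team, as an added example that is not part of the original thread or Splunk's own tooling. It assumes the package is a gzip-compressed tar holding an `outputs.conf` with `server = host:port` lines; the function names, stanza contents and sample hostnames are constructed.

```shell
#!/bin/sh
# Added example: list the host:port destinations in a forwarder credentials
# package so they can be handed to the firewall/proxy team.
# Assumption: the package is a gzip-compressed tar containing an outputs.conf
# whose "server = host:port[, host:port]" lines name the destinations.

list_forwarder_endpoints() {
    pkg=$1
    [ -r "$pkg" ] || { echo "cannot read: $pkg" >&2; return 1; }
    # Stream every outputs.conf in the archive to stdout without unpacking to disk.
    tar -tzf "$pkg" | grep -E '(^|/)outputs\.conf$' |
    while IFS= read -r member; do
        tar -xzOf "$pkg" "$member"
    done |
    awk -F= '
        /^[ \t]*#/ { next }                    # skip comment lines
        $1 ~ /^[ \t]*server[ \t]*$/ {          # "server" key only
            n = split($2, parts, ",")          # value may be a comma-separated list
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }' | sort -u
}

# Constructed sample package for trying the function offline.
make_sample_package() {
    dir=$(mktemp -d)
    mkdir -p "$dir/app/default"
    cat > "$dir/app/default/outputs.conf" <<'EOF'
[tcpout]
defaultGroup = splunkcloud

[tcpout:splunkcloud]
# hostnames below are made up
server = inputs1.example.invalid:9997, inputs2.example.invalid:9997
EOF
    tar -czf "$dir/sample.spl" -C "$dir" app
    echo "$dir/sample.spl"
}

# Usage: sh list_endpoints.sh /path/to/downloaded-package.spl
if [ "$#" -gt 0 ]; then
    list_forwarder_endpoints "$1"
fi
```

The output is one `host:port` per line, deduplicated, which suits a URL-based proxy rule or a firewall change request that names the destination port.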

danzemmels
New Member

Thanks. Yes I have. The Forwarder is probably working as expected. I can see the processes and whatnot. My issue is getting through our corporate firewall(s) to the Splunk Cloud. I'm looking for IP addresses to whitelist or a recommended approach someone has discovered that works well.

0 Karma