Splunk® Data Stream Processor

Connect to Data Sources and Destinations with DSP

On April 3, 2023, Splunk Data Stream Processor reached its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.

All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.

Allow DSP users to use the Forwarders service

By default, tenant administrators have permissions to use the Forwarders service. Perform the following steps to grant permissions to another user in your tenant to send data using the Forwarders service.

  1. Ask the user you want to grant permissions to for their token UUID.
    • Ask the user to log in to the Splunk Cloud Services CLI:
      ./scloud login

      SCloud doesn't return your login metadata or access token. If you want to see your access token you must log in to SCloud using the verbose flag: ./scloud login --verbose.

    • Ask the user to run the following Splunk Cloud Services CLI command and send you their UUID:
      ./scloud identity validate-token
  2. Create a new group to give permissions to.
    ./scloud identity create-group <groupName>
  3. Create a new role to give permissions to.
    ./scloud identity create-role <roleName>
    
  4. Add write, read, and delete permissions to the role that you created or to the pre-existing role.
    • To add write permissions, type the following command:
      ./scloud identity add-role-permission <roleName> default:*:forwarders.certificate.write
    • To add read permissions, type the following command:
      ./scloud identity add-role-permission <roleName> default:*:forwarders.certificate.read
    • To add delete permissions, type the following command:
      ./scloud identity add-role-permission <roleName> default:*:forwarders.certificate.delete
  5. Add the role to the group that you created.
    ./scloud identity add-group-role <groupName> <roleName>
  6. Add the user to the group.
    ./scloud identity add-group-member <groupName> <user-UUID>
Last modified on 24 March, 2022
Create a connection between a Splunk forwarder and the Forwarders service   Process data from a universal forwarder in DSP

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.0, 1.2.1-patch02, 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters