Splunk® Data Stream Processor

Install and administer the Data Stream Processor

Acrobat logo Download manual as PDF


On April 3, 2023, Splunk Data Stream Processor reached its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.

All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Cross-Origin Resource Sharing Policy

Cross-Origin Resource Sharing (CORS) is a feature that protects users against a variety of common attacks such as Cross-Site Scripting (XSS). It does this by controlling whether content from third-parties can be rendered in the browser jointly with content from the server. Specifically, web servers that use CORS add an HTTP header, access-control-allow-origin, that specifies which domains are allowed to provide content. For more information about how CORS works, search for "Cross-Origin Resource Sharing" on Wikipedia.

By default, the (DSP) has a permissive CORS policy that does not restrict which third-party domains can provide content. This is because DSP is deployed and operated on customer-owned IT resources, so the permissive CORS policy ensures that your DSP deployment can operate in tandem with other resources already present in your IT estate. After installing DSP, you can configure the appropriate CORS policy to fit your own needs. Best practices are to configure a "least privilege" CORS policy to only allow content from the particular domains that you require have access to DSP.

Restrict DSP UI access by enforcing a stricter CORS policy

Perform the following steps from the working directory of a master node to enforce a stricter CORS policy.

  1. Specify that you want to enforce a stricter CORS policy.
    ./set-config K8S_CHECK_HTTP_ORIGIN true
    
  2. List the domains that must have access to the DSP UI.
    ./set-config K8S_HTTP_ORIGIN_DOMAIN <https://secure-domain.example.com>
    
  3. Deploy the changes.
    ./deploy
    
Last modified on 29 October, 2021
PREVIOUS
Uninstall the Splunk Data Stream Processor
  NEXT
Secure the DSP cluster with SSL/TLS certificates

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.4, 1.2.5, 1.3.0, 1.3.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters