Splunk® Data Stream Processor

Install and administer the Data Stream Processor

On April 3, 2023, Splunk Data Stream Processor reached its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.

All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.

Cross-Origin Resource Sharing Policy

Cross-Origin Resource Sharing (CORS) is a feature that protects users against a variety of common attacks such as Cross-Site Scripting (XSS). It does this by controlling whether content from third-parties can be rendered in the browser jointly with content from the server. Specifically, web servers that use CORS add an HTTP header, access-control-allow-origin, that specifies which domains are allowed to provide content. For more information about how CORS works, search for "Cross-Origin Resource Sharing" on Wikipedia.

By default, the (DSP) has a permissive CORS policy that does not restrict which third-party domains can provide content. This is because DSP is deployed and operated on customer-owned IT resources, so the permissive CORS policy ensures that your DSP deployment can operate in tandem with other resources already present in your IT estate. After installing DSP, you can configure the appropriate CORS policy to fit your own needs. Best practices are to configure a "least privilege" CORS policy to only allow content from the particular domains that you require have access to DSP.

Restrict DSP UI access by enforcing a stricter CORS policy

Perform the following steps from the working directory of a controller node to enforce a stricter CORS policy.

  1. Specify that you want to enforce a stricter CORS policy.
    dsp config set dsp-ingress check_http_origin=true
  2. List the domains that must have access to the DSP UI.
    dsp config set dsp-ingress http_origin_domain=<https://secure-domain.example.com>
  3. Deploy the changes.
    dsp deploy dsp-ingress
Last modified on 13 January, 2023
Uninstall the Splunk Data Stream Processor   Secure the DSP cluster with SSL/TLS certificates (Optional)

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters