Splunk® Data Stream Processor

Install and administer the Data Stream Processor

On April 3, 2023, Splunk Data Stream Processor reached its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.

All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.

Secure the DSP cluster with SSL/TLS certificates (Optional)

By default, DSP uses self-signed certificates to connect to these services. For security reasons, you may want to use your own SSL/TLS certificate instead. To configure SSL/TLS certificates for the DSP Forwarders service, set the following properties. The following instructions assume that you already have an SSL/TLS key and certificate to use. See Generate a client certificate for the DSP Forwarders service for more information about generating an SSL/TLS certificate for DSP.

Prerequisites

  • A valid SSL/TLS certificate and key.
    • The certificate's CN (common name) or SAN (Subject Alt Name) must include the "DSP_HOST" name specified during installation. You can verify this name by running dsp config get dsp-ui api_domain in the working directory.
    • The key must be unencrypted. DSP does not support keys that are encrypted with a pass phrase.
  • You have system administrator (root) permissions. If you do not have root permissions, you can use the sudo command.

Steps

  1. DSP expects certificates to be base64-encoded. From a node in your deployment cluster, type the following.
    base64 -w0 < tls.pem > tls.pem.b64
    base64 -w0 < tls.key > tls.key.b64
    
  2. Press enter, and then type the following to replace the DSP Forwarders Service - 9997 cert.
    dsp config set ingress-nginx certificate_encoded=$( < tls.pem.b64)
    dsp config set ingress-nginx private_key_encoded=$( < tls.key.b64)
    
  3. Press enter, and then type the following to enable custom TLS.
    dsp config set ingress-nginx enable_custom_tls=true
    
  4. After setting the configurations, deploy your changes.
    dsp deploy ingress-nginx

Verify that your certificates are being used by navigating to the DSP UI in your browser and confirming that the new certificates are being used.

Cipher suites

The DSP Forwarders Service supports the following cipher suites.

TLS 1.2 cipher suites

TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

TLS 1.3 cipher suites

TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
Last modified on 11 January, 2023
Cross-Origin Resource Sharing Policy   Configure the Data Stream Processor to send data to a self-signed Splunk instance

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters