Splunk® Cloud Gateway

Install and Administer Splunk Cloud Gateway

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Gateway. Click here for the latest version.
Acrobat logo Download topic as PDF

Install Splunk Cloud Gateway

Enable users to receive actionable alerts, register and associate assets with Splunk data, and manage devices for Connected Experiences app users with Splunk Cloud Gateway. Splunk Cloud Gateway is a cloud-based bridge for mobile devices to connect to your on-premises Splunk Enterprise instance.

Splunk Cloud Gateway is required for all Connected Experiences apps.

This diagram illustrates how mobile devices can communicate with the Splunk Cloud Gateway app. Open port 443 outbound to prod.spacebridge.spl.mobi to allow message exchanges between mobile devices and the on-premises Splunk Cloud Gateway app through the Cloud Gateway Service.


To learn more about Splunk Cloud Gateway security, see Splunk Connected Experiences security process.

If you run into issues with installation or connection, see Troubleshoot Splunk Cloud Gateway and Troubleshoot Splunk Cloud Gateway Connection Issues for more information.

Prerequisites

  • Have admin role access.
  • Make sure that KV store is running. See KV store troubleshooting tools and Back up and restore KV store to learn how to check the status of KV store and for KV store best practices.
  • If you're using a proxy, open port 443 outbound to prod.spacebridge.spl.mobi to enable Splunk Cloud Gateway.
  • Use a compatible proxy server, operating system, and Splunk Enterprise or Splunk Cloud version. See the following table for compatible proxies, operating systems, Splunk Enterprise versions, and directory services:
Component Requirements
Proxy server

Set up a proxy in server.conf

If you're using a proxy server, it must be a forward HTTPS proxy and support HTTP CONNECT. Squid Forward Proxy, Apache Forward Proxy, and Nginx Forward Proxy have been tested and verified as compatible. If you're using another forward proxy and running into issues, there might be a configuration issue. See Troubleshoot Splunk Cloud Gateway Connection Issues for more information about troubleshooting proxy issues.

Splunk Cloud Gateway does not support man-in-the-middle proxy servers.

To configure your proxy server, see Configure splunkd to use your HTTP Proxy Server in the Splunk Enterprise Admin Manual.

Here's how to edit server.conf to configure splunkd to work with your server proxy:

[proxyConfig] 
https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.>  
no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">

If using a proxy that requires authentication, do not use # in your password. Splunk Cloud Gateway misinterprets # in passwords.

Set up a Splunk Cloud Gateway specific proxy in cloudgateway.conf

Configuring [proxyConfig] in cloudgateway.conf allows all outgoing Splunk Cloud Gateway calls to pass through the defined proxy. To set up a Splunk Cloud Gateway specific proxy in cloudgateway.conf, see the [proxyConfig] stanza in Configure cloudgateway.conf.

The [proxyConfig] stanza in cloudgateway.conf does not affect any other traffic in the splunkd process. For example, if you set [proxyConfig] in cloudgateway.conf and in server.conf, splunkd will stlll respect the [proxyConfig] stanza in server.conf for all other traffic.

Operating System Splunk Cloud Gateway is compatible with Mac, Windows, and Linux operating systems.
Hardware Splunk Cloud Gateway requires a minimum processor size of 4 cores and 16GB of ram. The minimum AWS instance size is m5.xlarge.
Splunk Enterprise or Splunk Cloud Version Splunk Cloud Gateway requires Splunk Enterprise version 7.1.0 or later, or Splunk Cloud version 1.7.3 or later. Splunk Cloud Gateway does not work with free trial instances.

Splunk Cloud Gateway is not compatible with Python 3.

Splunk Enterprise Role Admin, power, and normal users can use Splunk Cloud Gateway if they have the cloudgateway role.
Directory Service Splunk Cloud Gateway supports LDAP authentication and local Splunk accounts.

Install Splunk Cloud Gateway from Splunkbase

Use Splunkbase to install Splunk Cloud Gateway.

  1. Launch Splunk Enterprise.
  2. Log in.
  3. Download Splunk Cloud Gateway from Splunkbase.
  4. Click the Apps gear icon in Splunk Enterprise.
  5. Click Install app from file.
  6. Click Choose File and select the downloaded Splunk Cloud Gateway file.
  7. Click Upload.
  8. Restart Splunk Enterprise.

Upgrade Splunk Cloud Gateway

Upgrade Splunk Cloud Gateway by installing the latest version from Splunkbase.

Upgrade Splunk Cloud Gateway on Mac or Linux

To upgrade Splunk Cloud Gateway on Mac or Linux, follow these steps:

  1. Install the app from Splunk Base.
  2. Check Upgrade app to overwrite the older version of Splunk Cloud Gateway.
  3. Click Upload.

Upgrade Splunk Cloud Gateway on Windows

To upgrade Splunk Cloud Gateway, first stop Splunk and remove the existing Splunk Cloud Gateway App. To stop Splunk, see Stop Splunk Enterprise in the Splunk Enterprise Admin Manual. To uninstall the existing Splunk Cloud Gateway app, see Uninstall an app or add-on in the Splunk Admin Manual.

  1. Stop Splunk.
  2. Uninstall the existing Splunk Cloud Gateway app.
  3. Install the app from Splunk Cloud Gateway.
  4. Check Upgrade app to overwrite the older version of Splunk Cloud Gateway.
  5. Click Upload.

Deploy Splunk Cloud Gateway in a distributed environment

If you're installing Splunk Cloud Gateway in a distributed environment, install it on the search head cluster. See App deployment overview in the Splunk Enterprise Admin Manual to deploy Splunk Cloud Gateway to search head clusters.

All Splunk Cloud Gateway operations occur on the search head captain.

Install Splunk Cloud Gateway on Splunk Cloud

Installing Splunk Cloud Gateway on Splunk Cloud through SSAI requires Splunk Cloud v7.1.x or later.

Download Splunk Cloud Gateway in your Splunk Cloud Deployment from Splunkbase. See Install apps in your Splunk Cloud deployment in the Splunk Cloud User Manual for further instructions.

To install Splunk Cloud Gateway on Splunk Cloud v7.0.x or earlier, submit a case to Splunk Support. See Contact Splunk Support for contact information and how to submit a case.

Enable the Connected Experiences apps you want to use

After installing Splunk Cloud Gateway, enable the Connected Experiences apps you want to use. See Enable Connected Experiences apps in Splunk Cloud Gateway.

Last modified on 03 February, 2020
PREVIOUS
About Splunk Cloud Gateway
  NEXT
About the Splunk Cloud Gateway security process

This documentation applies to the following versions of Splunk® Cloud Gateway: 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.7.2, 1.8.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters