How does the SBF hybrid architecture work?
Splunk Business Flow (SBF) uses a hybrid on-premises and hosted architecture. The user interface is served from the SBF Hosted Environment, and event processing occurs on your on-premises Splunk Enterprise deployment. To use Splunk Business Flow, your local Splunk search head and browser must be connected to the internet. Your local Splunk search head must have outbound access to the SBF Hosted Environment and your browser must be also able to access the SBF Hosted Environment, so that you can register the SBF application and access the user interface. You can facilitate access between the local search head and SBF Hosted Environment by allowing direct connections, adding a allow rule to your network configuration, or configuring a proxy. To set up an HTTPS proxy server, see Customize proxy settings in sbf.conf.
The following diagram shows a high level overview of the SBF architecture.
How the SBF hybrid architecture affects releases
The hybrid architecture allows SBF to release new features, and fix issues without an on-premises update facilitated by a Splunk admin.
| SBF concepts and terminology | What metadata is stored in the SBF Hosted Environment? |
This documentation applies to the following versions of Splunk® Business Flow (Legacy): -Latest-
Download manual
Feedback submitted, thanks!