Splunk® Secure Gateway

Administer Splunk Secure Gateway

Splunk Secure Gateway is a default enabled application that's included in Splunk Cloud version 8.1.2103 and Splunk Enterprise version 8.1.0 and higher. An admin must agree to the opt-in notice before using Splunk Secure Gateway. See Get started with Splunk Secure Gateway to get started.

Share data in Splunk Secure Gateway

Splunk Inc. collects anonymized usage data so that we can improve the Splunk Secure Gateway software in future releases. For information about how the data is collected, stored, and governed, see Share data in Splunk Enterprise.

What data is collected

The table below lists the data we collect, why we collect the data, and examples.

Component Why we collect Example
  • AR+: Splunk AR
  • AlertsIOS: Splunk Mobile
  • droneMode: Splunk TV Companion
  • splunkTV: Splunk TV
Shows what apps are currently being used.
{
   app: splunk_secure_gateway
   component: splunk_secure_gateway
   data: {
     enabledMobileAppsMetrics: {
       AR+: false
       alertsIOS: true
       droneMode: false
       splunkTV: false
     }
   }
   deploymentID: e7914e67-3eff-5c84-a54c-ba683f9185e4
   eventID: 386606D5-3DF9-4CD1-B5EE-CB3BB1838C3B
   executionID: 6C7572EC-FDEF-48C4-BADB-10676AE18400
   optInRequired: 3
   timestamp: 1614041118
   type: event
   userID: bef45ece2d088ce87c84df67896387e05032151c0238680f9c8eebc6aea69e5f
   visibility: [
     anonymous
     support
   ]
}
num_registered_devices: Number of devices registered to the Splunk platform instance. Tracks usage based on registered devices.
{
   app: splunk_secure_gateway
   component: splunk_secure_gateway
   data: { 
     numRegisteredDevices: 0
   }
   deploymentID: 248048f0-df1b-5a48-b9fb-e1215422cc90
   eventID: FD5046CA-AAE7-467B-A6F9-D48F68FFFE86
   executionID: 015CBFBE-3C08-4B2D-A34B-F140DE80FFA8
   optInRequired: 3
   timestamp: 1614054475
   type: event
   userID: 4fabe71ad90315fd3279b577a2ea1adfde4ddd4b80d654cc0927b3d905d91de0
   visibility: [
     anonymous
     support
   ]
}
num_registered_devices_per_app: Number of devices registered to the Splunk platform instance per Connected Experiences app. Shows individual app usage based on number of devices registered to the Splunk platform instance.
{
   app: splunk_secure_gateway
   component: splunk_secure_gateway
   data: { 
     numRegisteredDevicesPerApp: { 
       splunkAR: 1
       splunkMobile: 1
     }
   }
   deploymentID: 43ab85da-3dfa-5d6e-a462-43055cde544a
   eventID: 7BD4C8AA-9D12-4AF1-BD55-B49FBB02DCCB
   executionID: 31122A10-BD12-4791-85C0-A89BEA82C25D
   optInRequired: 3
   timestamp: 1614051176
   type: event
   userID: 44e2354d8107db3fb25840e3ad4ec138c29076cf4852201c0dc2b63a20faaacc
   visibility: [ 
   ]
}
num_alerts_in_kvstore: Number of alerts stored in KV store. Shows number of alerts being stored in KV store.
{ 
   app: splunk_secure_gateway
   component: splunk_secure_gateway
   data: {
     numAlertsInKvstore: 0
   }
   deploymentID: 248048f0-df1b-5a48-b9fb-e1215422cc90
   eventID: FE933802-3D20-4B76-AD46-B2632EE79409
   executionID: 015CBFBE-3C08-4B2D-A34B-F140DE80FFA8
   optInRequired: 3
   timestamp: 1614054475
   type: event
   userID: 4fabe71ad90315fd3279b577a2ea1adfde4ddd4b80d654cc0927b3d905d91de0
   visibility: [
   ]
}
  • device_id: Device ID
  • installation_environment: Splunk platform type (Splunk Enterprise or Splunk Cloud)
  • instanceId: Splunk platform instance ID
  • messageSize: Size of request payload
  • message_type: Request type sent to Splunk Secure Gateway
  • requestId: Request ID
  • server_version: Splunk platform version
  • splappVersion: Splunk Secure Gateway app version
  • useragent: User system information such as the operating system, browser, and their versions
Shows request frequencies, payload sizes, and provides debugging details for specific product versions. When combined with other Connected Experiences app metrics, shows end-to-end usage flow for a particular Splunk platform instance.
{
   app: splunk_secure_gateway
   component: splunk_secure_gateway
   data: {
     deviceId: lutr7GKWh5LI+gfMKNXSsOMcK9rcNSGGOiaUUzc4F+c=
     installationEnvironment: ENTERPRISE
     instanceId: 85429041-6593-5ed8-a9ad-a75c0586c379
     messageSize: 309
     message_type: GENERIC_MESSAGE_REQUEST
     requestId: D552124F-A0C6-44F6-80D8-49EE78673F36
     serverVersion: 8.0.3
     splappVersion: 2.4.0+1838957
     useragent: com.splunk.mobile.ARDemo|3.1.0_3.1.0|Version 14.4 (Build 18D52)|iPhone13,3
   }
   deploymentID: 85429041-6593-5ed8-a9ad-a75c0586c379
   eventID: F0E2F192-FEA6-4EE4-BC5A-090F3B4F87FD
   executionID: BFC84AD0-3DD2-4A02-B2A5-1D315406B87A
   optInRequired: 3
   timestamp: 1614055507
   type: event
   userID: b8d9a3b29f1b8b0f8b3fcdd58d782f2dd22325e8596903af6b2db02e2966b58c
   visibility: [
   ]
}

How to opt out of data collection

To opt out of data collection, see How to opt out in the Splunk Enterprise Admin Manual.

Last modified on 08 March, 2021
Migrate from Splunk Cloud Gateway to Splunk Secure Gateway   About the Splunk Secure Gateway security process

This documentation applies to the following versions of Splunk® Secure Gateway: 2.4.0, 2.5.7, 2.7.4, 2.9.1 Cloud only, 2.9.3 Cloud only, 2.9.4 Cloud only, 3.0.9, 3.1.2 Cloud only, 3.2.0 Cloud only, 3.3.0 Cloud only, 3.4.251, 3.5.15 Cloud only


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters