Overview of Splunk Cloud administration
You can use Splunk Cloud to performing the following administrative tasks:
- Manage indexes. See Manage Indexes.
- Manage Splunk apps and add-ons (some apps require you to make a Support request to install). See Install apps in your Splunk Cloud deployment.
- Manage Splunk Cloud users and roles. See Manage users and roles.
In Splunk Cloud, you usually use Splunk Web to perform administrative tasks. Unlike Splunk Enterprise, you do not have access to the command line or file system of your Splunk Cloud deployment, so you cannot use CLI commands or manually edit .conf files. If there is a task that you need to perform, but cannot do so from the Splunk Web interface, you can file a ticket using the Support Portal.
REST API access to Splunk Cloud
Many administrative tasks can be done using the Splunk REST API. Splunk Cloud supports the same REST endpoints as Splunk Enterprise. For details about REST endpoints, refer to the REST API Reference Manual. To use the REST API, you must have a paid subscription to Splunk Cloud.
You cannot use SAML authentication with the REST API.
To enable the Splunk REST API and SDKs:
- Submit a support case on the Support Portal to request access. You can specify a range of IP addresses to control who can access the REST API.
- After you have gained access, use the following URL:
Overview of getting data into Splunk Cloud
Splunk Cloud data policies
This documentation applies to the following versions of Splunk Cloud™: 8.0.2006, 8.0.2007, 8.1.2008, 8.1.2009, 8.1.2011, 8.1.2012 (latest FedRAMP release), 8.1.2101, 8.1.2103, 8.2.2104