Splunk Cloud Platform

Use Edge Processors

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Installation requirements for Edge Processors

Before installing an Edge Processor, make sure that the host that you're installing on meets the following requirements. Meeting these requirements and addressing issues arising from the host environment, including the hardware, operating system and network, is your responsibility.

This is step 1 of 6 for using an Edge Processor to process data and route it to a destination. To see an overview of all of the steps, see Quick start: Process and route data using Edge Processors.

This diagram shows an overview of the steps required to set up and use an Edge Processor.

Hardware requirements

The host machine where you want to install an Edge Processor must meet or exceed the following minimum system requirements.

Hardware Minimum specifications
CPU architecture x86 (64-bit)
Memory 2 GB, assuming that 1 GB from this amount is used to run the operating system.
Disk space 20 GB, assuming that the Edge Processor is configured to send data to 1 destination.

If the Edge Processor is configured to send data to multiple destinations, allocate an additional 5 GB of disk space per destination.

To prevent data loss, Edge Processors store queued data on the hard drive of the host as needed.

To improve the performance of the Edge Processor, allocate resources beyond these minimum requirements.

Software requirements

The host machine where you want to install an Edge Processor instance cannot already have another Edge Processor instance installed on it. You must install each Edge Processor instance on a different machine.

Operating system support

You can only install Edge Processors on Linux servers that are on kernel version 4.9.x and higher. The following Linux distributions are supported:

  • Debian 10 and 11
  • Red Hat Enterprise Linux (RHEL) 8.0 and higher
  • SUSE Linux Enterprise 15.0 and higher
  • Ubuntu 20.04 LTS and 22.04 LTS

Network requirements

Configure your firewall settings and the ports on your host machines to allow your Edge Processors to communicate with data sources, data destinations, the Edge Processor cloud service, and your Splunk platform deployment.

Firewall settings

The Edge Processors in your network must be able to communicate with the Edge Processor service in the cloud through the following URLs. Make sure that your firewall allows access to the following URLs, where <tenant> is the name of your cloud tenant:

  • https://<tenant>.api.scs.splunk.com
  • https://<tenant>.auth.scs.splunk.com
  • https://auth.scs.splunk.com
  • https://beam.scs.splunk.com

localhost ports

Edge Processors use the following ports associated with localhost or IP address to support internal processes. Make sure that these ports are open for local loopback on the host machines where you're installing your Edge Processors.

You don't need to expose these ports to external traffic.

Port Details
1777 Edge Processors use port 1777 to send logs to the edge_diagnostic tool.

You can run the edge_diagnostic tool manually and locally on the host machine of the Edge Processor. The tool compiles information from Edge Processor logs, but does not expose any information externally. For more information, see Generate a diagnostic report for an Edge Processor instance.

8888 Edge Processors use port 8888 to send application health metrics to internal dashboards used by Splunk Support.

Inbound ports

Edge Processors use inbound ports to listen for data from data sources. Make sure that these ports are available and that your network policy allows them to be opened to incoming external traffic.

You can choose which port numbers to use for each supported type of inbound data. For more information, see Configure global Edge Processor settings.

By default, Edge Processors are configured to use the following inbound ports to receive data:

Port Type of data received
8088 Data that's transmitted through HTTP Event Collector (HEC)
9997 Data from Splunk forwarders

Outbound ports

Edge Processors use outbound ports to communicate with other components in your Splunk platform deployment and with external destinations. Make sure that these ports are available and that your network policy allows them to be opened to outgoing external traffic.

Port Details
443 Edge Processors use port 443 to do the following:
  • Connect instances to the Edge Processor service managed by Splunk.
  • Send data to Amazon S3.
9997 By default, Edge Processors use port 9997 to do the following:
  • Send internal logs to the Splunk Cloud Platform deployment that's connected to the tenant.
  • Send data to Splunk Enterprise and Splunk Cloud Platform.

If your Splunk platform deployments use ports other than 9997 to listen for incoming data, then you must configure your Edge Processors to use those ports instead and make sure that those ports are available.

Last modified on 30 August, 2023
Quick start: Process and route data using Edge Processors
Set up an Edge Processor

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2209, 9.0.2303, 9.0.2305 (latest FedRAMP release)

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters