About Ingest Processor
Ingest Processor is a data processing capability that works within your Splunk Cloud Platform deployment. Use the Ingest Processor to configure data flows, control data format, apply transformation rules prior to indexing, and route to destinations.
You can easily deploy and use Ingest Processor since it does not require any additional infrastructure in your Splunk Cloud Platform environment. Ingest Processor will seamlessly scale and adjust your infrastructure resources according to your organization's needs. The Ingest Processor solution also lets you manage your data processing configurations and monitor your data ingest traffic through a centralized Splunk Cloud service.
What is the difference between Ingest Processor and Edge Processor?
See the following table to review the differences between Ingest Processor and Edge Processor.
Features | Edge Processor | Ingest Processor |
---|---|---|
Solution description | Edge Processor is a Splunk product that allows you to process data using SPL2 before you send that data out of your network to external destinations. You use a Splunk-managed cloud service to deploy and manage on-premises Edge Processors at the edge of your network. | Ingest Processor is a Splunk Cloud Platform capability that allows you to process data using SPL2 at the time of data ingestion. |
Supported data sources |
|
All data sources supported by Splunk Cloud Platform deployments on Victoria Experience. |
Where processing takes place | At the edge of your network, close to the data source. | In Splunk Cloud Platform. |
Generate logs into metrics | No | Yes |
Enrich data using lookups | Yes | No |
Routing to Splunk Enterprise indexes | Yes | No |
Routing to Splunk Cloud Platform indexes | Yes | Yes, but limited to indexes paired on the same Splunk Cloud Platform deployment with Ingest Processor. |
Routing to Splunk Observability Cloud | No | Yes |
Data format when routing to Amazon S3 | JSON files that use the Splunk HEC schema |
|
For information about the Edge Processor solution, see the Use Edge Processors manual.
Ingest Processor components
The following diagram provides an overview of the components that comprise the Ingest Processor service, and whether each component is hosted in the Splunk Cloud Platform environment or your local environment. See the System architecture section on this page for more information.
Get started with the Ingest Processor solution
Before you can start using the Ingest Processor solution, you must gain access to a cloud tenant where the Ingest Processor is available. Ingest Processor is only available on Victoria Experience for Splunk Cloud Platform. No additional cloud computing resources (AWS, Azure, GCP) are needed in order to run Ingest Processor.
Compliance and certifications for Ingest Processor
Ingest Processor is currently restricted from provisioning Payment Card Industry (PCI) compliant stacks.
Splunk Ingest Processor has attained a number of compliance attestations and certifications from industry-leading auditors as part of Splunk's commitment to adhere to industry standards worldwide and Splunk's efforts to safeguard customer data. Generally Available products and features that are currently in scope of Splunk's compliance program may not be a part of the third-party audit report until the next assessment cycle.
- SOC 1: Service Organization Controls (SOC) compliance is a standardized framework created by the American Institute of Certified Public Accountants (AICPA). It aims to assess service organizations' internal controls, policies and procedures with a focus on controls that impact financial reporting. Splunk Cloud Platform undergoes annual SOC 1 audits to assure the security, availability, processing integrity, confidentiality, and privacy of applicable data and systems.
- SOC 2 Type II: The SOC 2 audit assesses an organization's security, availability, process integrity, and confidentiality processes to provide assurance about the systems that a company uses to protect customers' data. If you require the SOC 2 Type II attestation to review, contact your Splunk sales representative.
- Health Insurance Portability and Accountability Act (HIPAA): HIPAA is a U.S. federal law that sets forth national standards governing the processing of protected health information (PHI). HIPAA is intended to improve the effectiveness and efficiency of healthcare systems by establishing standards for the use of electronic records in healthcare; establishing standards for accessing, storing and transmitting PHI; and by protecting the privacy and security of PHI. Splunk's HIPAA compliance offering is annually audited by a third-party for compliance with HIPAA requirements, resulting in annual third party attestation reports.
- ISO 27001: Splunk Cloud Platform achieved the International Organization for Standardization's information security standard 27001 (ISO 27001) certification in December 2015 and continues to update it annually. ISO 27001 is a specification that outlines security requirements for an information security management system (ISMS). Authorized users can access related documentation in the Customer Trust Portal.
- CSA star level 1: The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. Splunk Cloud Platform has obtained CSA STAR Level 1; a self-assessment intended for Cloud Service Providers that operate in a low-risk environment and want to offer greater visibility into the security controls they have in place.
Request Ingest Processor on your Splunk Cloud Platform stack
To obtain a Splunk Cloud Platform stack that is provisioned with Ingest Processor, Create a support case on the Splunk Support portal, and perform the following steps to complete the cloud change management (CCM) form.
On the Create a case page on the Splunk Support portal, fill out the following fields.
- In the Select Case Type field, select Support.
- In the Select Product field, select Splunk Cloud.
- In the I need help with... field, select Cloud Change Request.
- In the Select Cloud Stack field, select your Splunk Cloud Platform stack.
- In the Conf File Name field, select Standard Configuration.
- In the Maintenance Window field, provide several maintenance window options, and include your time zone.
- In the Description field, enter
request to provision Ingest Processor GA Essentials
. - In the Splunk Support access to your company data field, select either Allow or Do not Allow.
- Click Submit.
Learn more
To learn more about how the Ingest Processor solution works and become more familiar with key terms and concepts, see How the Ingest Processor solution works. For information about the types of data processing operations that are supported, see Ingest Processor pipeline syntax.
Reference
See the following documentation for more information about the Ingest Processor solution and other Splunk software that works in conjunction with the Ingest Processor solution.
For this information | Refer to this documentation |
---|---|
Regional availability of the Ingest Processor solution | Cloud region:
|
Complete information about the supported SPL2 commands and functions. | |
How to configure Splunk forwarders | The Forwarding Data manual |
How the Ingest Processor solution works |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)
Feedback submitted, thanks!