Splunk Cloud Platform

Use Edge Processors

First-time setup instructions for the Edge Processor solution

After you request access to the Edge Processor solution and the provisioning process is completed, you receive a welcome email confirming that you now have access to a tenant in the Splunk cloud environment. The tenant is your entry point to the Edge Processor service, where you can perform actions such as configuring and deploying Edge Processors, creating data processing pipelines, and more.

If you are the first user on the tenant, you need to complete a one-time setup procedure before you can start using the Edge Processor service. During this setup procedure, you finish connecting the tenant and your Splunk Cloud Platform deployment by providing the tenant with credentials that allow it to read and write data to your Splunk Cloud Platform deployment. In order for the Edge Processor solution to work, it must be able to store and retrieve Edge Processor logs and metrics in designated indexes in the Splunk Cloud Platform deployment and then display that data in the user interface of the Edge Processor service.

This one-time setup process is only required for newly provisioned tenants. Once this process is completed, you don't need to go through it again.

Understanding the connection between your tenant and your Splunk Cloud Platform deployment

When you first receive your tenant, it already has a partial connection to your Splunk Cloud Platform deployment. This partial connection grants the tenant the following characteristics:

  • The name of the tenant is the same as the name of the connected Splunk Cloud Platform deployment. For example, if the name of your Splunk Cloud Platform deployment is buttercupgames and you use the URL https://buttercupgames.splunkcloud.com to access it, then the name of the tenant is also buttercupgames and you would use the URL https://px.scs.splunk.com/buttercupgames to access the tenant.
  • The tenant uses the connected Splunk Cloud Platform deployment as an identity provider for managing user accounts and logins. As a result, the tenant accepts the same login credentials as the Splunk Cloud Platform deployment.

    If you configured Splunk Cloud Platform to use another service as the identity provider for single sign-on (SSO), then use your SSO credentials when logging in to the tenant.

    Splunk Cloud Platform users can access the tenant as long as the user account has the admin_all_objects capability.

Be aware that the tenant does not start with the complete connection necessary for reading and writing data to the Splunk Cloud Platform deployment. The first-time setup procedure finishes connecting the tenant to the Splunk Cloud Platform deployment and allows the tenant to use the deployment as a storage location for the logs and metrics generated by Edge Processors.

Prerequisite: Confirm that you can log in to your tenant

Before beginning the first-time setup procedure for the Edge Processor solution, confirm that your Splunk Cloud Platform account has the required capabilities and that you can log in to the tenant.

  1. Log in to your Splunk Cloud Platform deployment as an administrator.
  2. In the Settings menu, in the Users and authentication section, select Users.
  3. In the row that lists your username, select Edit and then select View Capabilities.
  4. Check if your account has the admin_all_objects capability. If your account doesn't have that capability, assign it. See Define roles on the Splunk platform with capabilities in the Securing Splunk Cloud Platform manual for more information.
  5. In the Settings menu, select Data Management experience. If you have activated Edge Processor, then you will be redirected to your tenant. If you have not activated Edge Processor, you will be redirected to the Splunk Adoption Hubs.

If you encounter authentication errors or cannot access the Edge Processor service despite ensuring that your user account has the required capabilities, contact your Splunk representative for assistance.

Step 1: Allow your tenant to access Splunk Cloud Platform indexes

To make the necessary indexes from your Splunk Cloud Platform deployment available to your tenant, you must create a service account that can access those indexes and then configure the tenant to connect to the Splunk Cloud Platform deployment using that account. Do the following:

  1. In Splunk Cloud Platform, create a role that can access the required indexes. See Create a role for the service account.
  2. Create a service account, which is a Splunk Cloud Platform account that uses the role you created. See Create a service account.
  3. In your tenant, configure a connection to your Splunk Cloud Platform deployment using the service account. See Connect your tenant to your Splunk Cloud Platform deployment.

This connection grants your tenant the same permissions as the service account, allowing the Edge Processor service to send data to your indexes.

Create a role for the service account

In Splunk Cloud Platform, create a role that grants access to the internal indexes.

  1. Log in to your Splunk Cloud Platform deployment as an administrator.
  2. To start creating the role for the service account, clone the default user role:
    1. In the Settings menu, in the Users and authentication section, select Roles.
    2. In the row that lists the default user role, select Edit, then Clone.
  3. In the Name field, specify a name for the new role, such as scp_user.
  4. If you have search head clustering (SHC) on your Splunk Cloud Platform deployment, then you must add the list_search_head_clustering capability to the role. To do this, select the 2. Capabilities tab and then select list_search_head_clustering.
  5. On the 3. Indexes tab, select the Included check box for all the indexes that you want to make available in your tenant. At minimum, you must make all internal indexes available. Instead of specifying internal indexes individually, you can select the Included check box in the _* (All internal indexes) row.
  6. To avoid concurrent search limitations, select the 5. Resources tab and do the following:
    1. In the Role search job limit settings, change Standard search limit to 300.
    2. In the User search job limit settings, change Standard search limit to 200.
    3. In the Disk space limit settings, change Standard search limit to 10000.
  7. To save your settings and finish creating the role, select Clone.
  8. (Optional) If you've already completed this first-time setup process before, and you are now updating these role settings, then you must refresh the connection to your Splunk Cloud Platform deployment by doing the following steps in the Edge Processor service:
    1. Select the Settings icon and then select System connections.
    2. On the scpbridge connection, select the Refresh icon (two curved arrows forming a circle).

Next, create a service account using this role.

Create a service account

In Splunk Cloud Platform, create an account that uses the role you created during the preceding steps. This account is a service account to be used by the tenant and the Edge Processor service.

  1. In the Settings menu, in the Users and authentication section, select Users.
  2. Select New User.
  3. In the Name field, specify a name for the service account, such as service_acct.
  4. In the Set password and Confirm password fields, specify a password for the service account.
  5. In the Assign role area, do the following:
    1. Add the role that you created during Create a role for the service account.
    2. Remove the default user role.
  6. Deselect the Require password change on first login check box.
  7. To save your settings and finish creating the service account, select Save.
  8. To confirm that the service account is valid, log out of your Splunk Cloud Platform deployment and then log back in using the service account credentials.

    On some systems, you might be prompted to reset the password even though you disabled that requirement. If prompted, reset the password.

  9. After confirming that you can successfully log in to Splunk Cloud Platform using the service account, log out of the service account.
  10. (Optional) To prevent the service account from being locked out due to password expiry and failed login attempts, review the password policies configured for your Splunk Cloud Platform deployment and configure an expiration alert.
    For more information, see Configure Splunk password policies in the Securing Splunk Cloud Platform manual. If you are using another service as the identity provider, then refer to the documentation for that service.

You now have a service account that your tenant can use to connect to your Splunk Cloud Platform deployment.
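
The following check covers the role and service account settings from the two procedures above. It is an added example, not Splunk's code. It assumes the role and user settings are available as dictionaries keyed by the authorize.conf setting names, and that those names map to the UI labels as noted in the comments; scp_user is the page's example role name and the sample data is constructed.

```python
# Values taken from the role steps on this page.
REQUIRED_QUOTAS = {
    "cumulativeSrchJobsQuota": 300,  # Role search job limit (assumed mapping)
    "srchJobsQuota": 200,            # User search job limit (assumed mapping)
    "srchDiskQuota": 10000,          # Disk space limit (assumed mapping)
}
SHC_CAPABILITY = "list_search_head_clustering"


def audit_service_account(role, user, role_name, shc=False):
    """Return findings; an empty list means the setup matches the page."""
    findings = []
    indexes = set(role.get("srchIndexesAllowed", []))
    indexes |= set(role.get("imported_srchIndexesAllowed", []))
    if "_*" not in indexes:
        findings.append("no _* entry: confirm every internal index is listed")
    for key, want in REQUIRED_QUOTAS.items():
        got = int(role.get(key, 0))
        if got != want:
            findings.append(f"{key} is {got}, page specifies {want}")
    caps = set(role.get("capabilities", []))
    caps |= set(role.get("imported_capabilities", []))
    if shc and SHC_CAPABILITY not in caps:
        findings.append(f"SHC in use but role lacks {SHC_CAPABILITY}")
    assigned = set(user.get("roles", []))
    if role_name not in assigned:
        findings.append(f"account is not assigned {role_name}")
    extra = sorted(assigned - {role_name})
    if extra:
        findings.append("account holds extra roles: " + ", ".join(extra))
    return findings


# Constructed sample data (not real output), shaped like REST "content" objects.
GOOD_ROLE = {"srchIndexesAllowed": ["_*", "main"], "cumulativeSrchJobsQuota": 300,
             "srchJobsQuota": 200, "srchDiskQuota": 10000,
             "capabilities": ["search", "list_search_head_clustering"]}
GOOD_USER = {"roles": ["scp_user"]}
# A clone left at constructed, unadjusted values; account still holds "user".
BAD_ROLE = {"srchIndexesAllowed": ["main"], "cumulativeSrchJobsQuota": 50,
            "srchJobsQuota": 3, "srchDiskQuota": 100, "capabilities": ["search"]}
BAD_USER = {"roles": ["scp_user", "user"]}

if __name__ == "__main__":
    for name, role, user in (("good", GOOD_ROLE, GOOD_USER),
                             ("bad", BAD_ROLE, BAD_USER)):
        print(name, audit_service_account(role, user, "scp_user", shc=True))
```
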

Connect your tenant to your Splunk Cloud Platform deployment

  1. In Splunk Cloud Platform, select Settings then select Data Management experience.
  2. Log in using your Splunk Cloud Platform username and password.

    If you configured Splunk Cloud Platform to use another service as the identity provider for SSO, then use your SSO credentials when logging in to the tenant.

    The browser redirects you to the Data management page in the Edge Processor service.

  3. Select the Settings icon and then select System connections.
  4. Select New, then Platform connection.
  5. Complete the fields in the Connect to your data dialog box:
    | Field | Description |
    | --- | --- |
    | Connection name | The name of the connection. The value scpbridge is provided and can't be changed. |
    | Host name | The URL for your Splunk Cloud Platform deployment. The https:// is assumed. For example, if your URL is https://scpanalytics.splunkcloud.com you would specify scpanalytics.splunkcloud.com. |
    | Management port | The default port number. Most Splunk Cloud Platform deployments use the 8089 port as the default port. If you changed the default port in your deployment, specify that port number. |
    | Service account username | The name of the service account that you created during Create a service account. For example, service_acct. |
    | Service account password | The password of the service account. |
  6. Select Create connection.
    A connection named scpbridge is created, and a "Status: connected" icon displays beside the connection name. The tenant displays the following message:
    Connection was created
    The connection was successfully created.
  7. (Optional) If you need to change the connection after it has been successfully created, do the following:
    1. On the System connections page, select the Edit icon on the scpbridge connection.
    2. Update your connection settings as needed and then select Apply.

The indexes from your Splunk Cloud Platform deployment are now available in the tenant. After you complete the remaining steps in this first-time setup process, you can send data into these indexes.

Step 2: Retrieve credentials to allow communications between the Edge Processor service and Splunk Cloud Platform

The Edge Processor service must prove its identity using TLS certificates before Splunk Cloud Platform allows the service to communicate with it. To allow the Edge Processor service to securely communicate with your Splunk Cloud Platform deployment, you must retrieve the universal forwarder credentials package from the Splunk Cloud Platform deployment and then store that credentials package in the Edge Processor service. This credentials package contains the necessary TLS certificates.

  1. In Splunk Cloud Platform, select Apps, then Universal Forwarder.
  2. Select Download Universal Forwarder Credentials. Note the location of the credentials file. The credentials file is named splunkclouduf.spl.
  3. Copy the file to a storage location of your choice.

During the next step, you upload this credentials package to the Edge Processor service.
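
Before storing or uploading splunkclouduf.spl, you can inventory the TLS material inside it without unpacking it to disk. This is an added example, not Splunk's code; it assumes the package is a gzip-compressed tar archive, as Splunk .spl app packages are, and the member name and PEM contents in the sample are constructed.

```python
import base64
import hashlib
import io
import re
import ssl
import tarfile

# Matches any PEM block (CERTIFICATE, PRIVATE KEY, RSA PRIVATE KEY, ...).
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)


def inventory_package(fileobj):
    """List PEM blocks in a .spl archive, reading members in memory only."""
    report = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, links and devices
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for match in PEM_RE.finditer(text):
                entry = {"file": member.name, "type": match.group(1)}
                if entry["type"] == "CERTIFICATE":
                    der = ssl.PEM_cert_to_DER_cert(match.group(0))
                    entry["sha256"] = hashlib.sha256(der).hexdigest()
                report.append(entry)
    return report


SAMPLE_BYTES = b"constructed bytes, not a real certificate"


def build_sample_package():
    """Constructed stand-in for a credentials package (hypothetical names)."""
    body = base64.encodebytes(SAMPLE_BYTES).decode()
    pem = ("-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
           "-----BEGIN PRIVATE KEY-----\n" + body + "-----END PRIVATE KEY-----\n")
    data, buf = pem.encode(), io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("example_app/default/example_server.pem")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # For a real package: inventory_package(open("splunkclouduf.spl", "rb"))
    for item in inventory_package(build_sample_package()):
        print(item)
```

If the inventory lists any PRIVATE KEY entry, treat the stored copy of the package as a secret and restrict access to the storage location accordingly.
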

Step 3: Complete the first-time setup process

Upload the Splunk Cloud Platform universal forwarder credentials package to the Edge Processor service and finish setting up communication between the Edge Processor service and your Splunk Cloud Platform deployment.

  1. In the Edge Processor service, select Edge Processors.
  2. The service redirects you to the First-time setup page.

  3. Complete the fields in the First-time setup page.
    | Field | Description |
    | --- | --- |
    | Destination name | default_splunk_cloud_destination. This is a preset destination name for your Splunk Cloud Platform deployment. |
    | Universal forwarder credentials | Upload the universal forwarder credentials package that you downloaded during Step 2: Retrieve credentials to allow communications between the Edge Processor service and Splunk Cloud Platform. |
  4. Select Save.

Next steps

Now that you've finished setting up the indexes and connections required by the Edge Processor solution, you can start using it to receive, transform, and route your data. For more information on how to get started, see Quick start: Process and route data using Edge Processors.

If you create additional indexes in your Splunk Cloud Platform deployment after completing these first-time setup steps, you must refresh the connection between your tenant and the Splunk Cloud Platform deployment in order to make those indexes available in the tenant. For detailed instructions, see Make more indexes available to the tenant.

Last modified on 03 December, 2024

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408

