Splunk Cloud Platform

Use Edge Processors

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

About the Edge Processor solution

The Edge Processor solution is a data processing solution that works at the edge of your network. Use the Edge Processor solution to filter, mask, and transform your data close to its source before routing the processed data to external environments.

The Edge Processor solution is suitable for Splunk Cloud Platform administrators who use forwarders or HTTP Event Collector (HEC) to get data into their deployments. It is available on both Classic Experience and Victoria Experience. You can use the Edge Processor solution if your Splunk Cloud Platform deployment meets the following requirements:

  • Runs Splunk Cloud Platform version 9.0.2209 and higher.
  • Is provisioned in a region that supports Edge Processors. See Available regions and region differences in the Splunk Cloud Platform Service Description.
  • Is provisioned in a cloud environment that does not use the DoD IL5 or FedRAMP Moderate subscription types.

By paring down and sanitizing data before sending it out to Splunk indexes or Amazon S3 buckets, you can reduce data storage costs and help prevent confidential data from leaving your network. With the Edge Processor solution, you can also manage your data processing configurations and monitor your data ingest traffic through a centralized Splunk Cloud service.

For information about the latest product updates, see The Edge Processor solution in Release Notes.

Product components

The Edge Processor solution combines Splunk-managed cloud services, on-premises data processing software, and Search Processing Language, version 2 (SPL2) pipelines to support data processing at the edge of your network. The Edge Processor solution consists of the following main components:

Component Description Usage
Edge Processor A data processing engine that allocates resources for processing and routing data You install Edge Processors on machines in your local network. Edge Processors provide an on-premises data plane that lets you reduce and sanitize your data before sending it outside of your network.
Edge Processor service A cloud service that provides a centralized console for managing Edge Processors Splunk hosts the Edge Processor service as part of Splunk Cloud Platform. The Edge Processor service provides a cloud control plane that lets you deploy configurations, monitor the status of your Edge Processors, and gain visibility into the amount of data that is moving through your network.
Pipeline A set of data processing instructions written in SPL2, which is the data search and preparation language used by Splunk software In the Edge Processor service, you create pipelines to specify what data to process, how to process it, and what destination to send the processed data to. Then, you apply pipelines to your Edge Processors to configure them to start processing data according to those instructions.

To learn more about how the Edge Processor solution works and become more familiar with key terms and concepts, see How the Edge Processor solution works. For information about the types of data processing operations that are supported, see Edge Processor pipeline syntax.

Get started with the Edge Processor solution

Start by verifying whether you already have access to the Edge Processor solution. To do this, open a browser and navigate to https://px.scs.splunk.com/<tenant>, where <tenant> is the name of your Splunk Cloud Platform deployment. If this URL resolves to a login page, that means you already have access to the Edge Processor solution.

If the URL does not work, then you need to request access to the Edge Processor solution by either contacting your Splunk account representative or sending an email to edgeprocessor@splunk.com. You'll be asked to provide information such as the region in which you want the service to be activated and the name of a Splunk Cloud Platform deployment that you want to connect with the Edge Processor solution. This connection is required for provisioning the Edge Processor solution, since the Splunk Cloud Platform deployment must be used as the following:

  • An identity provider for managing user accounts and logins for the Edge Processor service.
  • A storage location for the logs and metrics generated by your Edge Processors.

When the provisioning process is completed, you receive a welcome email confirming that you now have access to a tenant in the Splunk cloud environment. To start using the Edge Processor solution, navigate to this tenant and log in using your Splunk Cloud Platform credentials.

If you are the first Edge Processor user on that tenant, you need to complete a one-time setup procedure to fully activate the Edge Processor service. See First-time setup instructions for the Edge Processor solution for more information.

To start processing data at the edge of your network, you first need to install an Edge Processor on a machine in your network. Then, specify how you want to process and route your data by creating pipelines using SPL2. Finally, configure your data sources to send data to your Edge Processor. For more guidance on getting started, see Quick start: Process and route data using Edge Processors.

See also

See the following documentation for more information about the Edge Processor solution and other Splunk software that works in conjunction with the Edge Processor solution.

For this information Refer to this documentation
Service limits that apply to the Edge Processor solution Tested and recommended service limits (soft limits) in the Splunk Cloud Platform Service Description
Complete information about the supported SPL2 commands and functions The following pages in the SPL2 Search Reference:
How to configure Splunk forwarders The Forwarding Data manual
How to configure HEC Set up and use HTTP Event Collector in Splunk Web
Last modified on 22 September, 2023
How the Edge Processor solution works

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2209, 9.0.2303, 9.0.2305 (latest FedRAMP release)

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters