Splunk Cloud Platform

Search Experience preview

This documentation does not apply to the most recent version of Splunk Cloud Platform. For documentation on the most recent version, go to the latest release.

Connecting your Splunk Cloud deployment to Search Experience preview

Preview features are provided by Splunk to you "as is" without any warranties, maintenance and support, or service level commitments. Splunk makes this preview feature available in its sole discretion and may discontinue it at any time. Use of preview features is subject to the Splunk General Terms.

To make indexes in your Splunk Cloud Platform deployment visible in the Splunk Cloud Search Experience preview, you must:

  1. Setup a connection between your deployment and the Search Experience preview.
  2. Grant permission to your deployment indexes that you want users in the Search Experience preview to access.

This topic guides you through the steps to setup a connection between your deployment and the Search Experience preview. For security reasons, your indexes are visible only to admins in the Search Experience preview. However, you can grant non-admin users permission to see the indexes. After you complete the steps in this topic, see Permission your indexes in Search Experience preview.

The following diagram illustrates the connection and permission actions necessary to connect your Splunk Cloud deployment to the Splunk Cloud Search Experience preview:

This diagram shows an example of the Service Account Credentials for both a Spunk Cloud deployment and the Search Experience preview. The Splunk Cloud deployment example has four indexes, which are accessed by the service_acct User through the scp_user Role. The Search  Experience shows that Spunk Cloud deployment accesses three of the four indexes on the Spunk Cloud deployment by the admin User through the admin Role. In addition, the Search Experience preview shows a userA User and a user Role.

Setup steps in your Splunk Cloud Platform deployment

In your Splunk Cloud Platform deployment, you must create a service account role and then create and map a user to the service account role.

Create a Service Account role

  1. Using your admin credentials, log into your Splunk Cloud Platform deployment.
  2. Create the role for the service account by cloning the default user.
    1. Under Settings in the Users and Authentication section, select Roles.
    2. Find the default user role, click Edit, Clone to clone the role. This image shows the Edit menu. The Clone option is the last option on the menu.

    3. Specify a name for the new role, such as scp_user, as shown in the following image: This image shows Clone Role window where you specify the name for the new role. There are five components that the role can clone: inheritance, capabilities, indexes, restrictions, and resources.

    4. If you have search head clustering (SHC) on your Splunk Cloud Platform deployment, you must add a capability to the service account role. Click 2. Capabilities and check list_search_head_clustering to add this capability to the role.

    5. Decide which indexes you want to make available. You can make all of the indexes or specific indexes from your Splunk Cloud Platform deployment available in the Search Experience preview:
      * To make all of the indexes available, skip this step and proceed to the next step to use Resources to change the concurrent search limitations.
      * To make only specific indexes available, complete this step:
      1. Click 3. Indexes and uncheck the box under Included for All non-internal indexes, as shown in the following image:
        This image shows the Indexes step where you select the indexes that you to make available in the Search Experience preview. In the list of indexes, there are two columns that contain check boxes. The columns are "Included' and "Default".

      2. Select the indexes that you want visible in the Search Experience preview by marking the check boxes in the Included column. In the following image, the history, main, and summary indexes are selected. This image shows the Indexes step with several indexes checked.

    6. To avoid concurrent search limitations, click 5. Resources.
      • Under Role search job limit, change the Standard search limit to 200.
      • Under User search job limit, change the Standard search limit to 100.
    7. Click Save.

Create and map a user to the service account role

After you create the service account role, you need to create a user and map that user to the service account role. If you haven't created the service account role, see Create a service account role.

  1. Under Settings in the Users and Authentication section, select Users.
  2. Click New User.
  3. Specify a Name for the user. In this example, service_acct is used for the name.
  4. Specify and confirm a Password for the user. Make the password something that is easy to remember.
  5. In the Assign role box, select the role that you created, for example scp_user.
  6. Remove the default user role. The new user settings should look like this: This image shows the Create User dialog box where you specify the user name, password, and the role you assign to the user.

  7. Uncheck the Require password change on first login box. This image shows the bottom of the Create User dialog box where you uncheck the option to require users to change the password when they log in for the first time.

  8. Click Save.
  9. Make note of the first part of your Splunk Cloud stack URL. You need this information in the next section. In the following image, scpanalytics.splunkcloud.com is the part of the URL to make note of. This image shows an example of a Splunk Cloud stack URL.
  10. Confirm the setup by testing the service account credentials. Log in with the credentials that you specified for the user you created.
  11. On some systems, you might be prompted to reset the password, even though you unchecked that option. If prompted, reset the password.

The setup on your Splunk Cloud deployment side is now complete. Continue with the steps in the next section.

Setup steps in the Search Experience preview

You need to connect from the Search Experience preview to your indexes on you Splunk Cloud Platform deployment.

Connect to your data

  1. Log into the Search Experience preview as an admin.
  2. On the App bar, select the Settings icon and System connections.
    This image shows the Settings icon selected, which looks like a gear. Two options show "Cloud Console" and "System connections".

  3. Select the New Platform Connection button.
  4. In the Connect to your data window, specify the information to connect to your Splunk Cloud Platform deployment. The following image identifies the fields. The table below the image describes the values that you need to specify.
    This image shows the "Connect to your data" window and the fields you need to fill in.

    Number Element Description
    1 Connection name The name of the connection. The value scpbridge is provided and can't be changed.
    2 Hostname The URL for your Splunk Cloud Platform deployment. The https:// is assumed. For example, if your URL is https://scpanalytics.splunkcloud.com you would specify scpanalytics.splunkcloud.com
    3 Management port The default port number. Most Splunk Cloud Platform deployments use the 8089 port as the default port. If you changed the default port in your deployment, specify that port number.
    4 Service account username The name of the user that you created. For example service_acct.
    5 Service account password The password that you specified when you created the user and mapped the user to the role in the Create and map a user to the service account role section.
  5. Click Create. A message appears to confirm that the setup was successfully completed. This image shows the confirmation message.

    The System connections page shows the connections that you have, including this new connection. Use the icons on the connection card to refresh, edit, or delete the connection.
    This image shows a summary card of the connection you created.

View and edit the connection

  1. On the App bar, select the Settings icon and select System connections.
  2. On the System connections window, you can see the port, username, and number of datasets associated with the connection.
  3. Use the Edit icon This image shows an icon that looks like a pencil. to make changes to your connection.

Refresh the connection

When indexes are added to your Splunk Cloud Platform deployment, or if you changed user permissions to any of your indexes, you must refresh the connection.

  1. On the App bar, select the Settings icon and select System connections.
  2. On the System connections window, you can see the port, username, and number of datasets associated with the connection.
  3. Use the Refresh icon This image shows an icon that looks like a circle with arrows pointing clockwise. to refresh the connection.

You have completed the steps to connect your Splunk Cloud Platform deployment to the Search Experience preview.

Next, you need to grant non-admin users permission to access your deployment indexes from within the Search Experience preview. See Permission your indexes in Search Experience preview.

Make more indexes available

After your initial setup, you can make additional indexes available in the Search Experience preview.

In your Splunk Cloud Platform deployment:

  1. Under Settings in the USERS AND AUTHENTICATION section, select Roles.
  2. Locate the role you created for the connection, such as scp_user.
  3. Click 3. Indexes and select the indexes that you want visible in the Search Experience preview.
  4. Click Save.

In the Search Experience preview:

  1. On the Home page, click View Connection.
  2. Click the Refresh icon This image shows an icon that looks like two curved arrows going in a circle..
  3. Click Done.

Limitations

Knowledge objects
Currently, indexes are the only knowledge object that you can make available in the Search Experience preview.
Connections
You can connect a single Splunk Cloud deployment to one or more Search Experience preview tenants. In the following diagram, these connections are shown from STACK_A to CLOUD_A and CLOUD_B.
However, you can't connect multiple Splunk Cloud deployments to the same Search Experience preview tenant. In the following diagram, the invalid connections are from STACK_A and STACK_B to CLOUD_A.

This diagram shows two Splunk Cloud Platform deployments, stack A and stack B and two new Search Experience preview instances, cloud A and cloud B. The diagram shows the valid an invalid connections between the Splunk Cloud Platform deployments and the Search Experience preview instances.

See also

Known issues

Next step

Now that you have completed the connection steps, you need to grant permission to your deployment indexes. See Grant users access to indexes in Search Experience preview.

Last modified on 19 December, 2023
Sample data   Grant users access to indexes in Search Experience preview

This documentation applies to the following versions of Splunk Cloud Platform: search2preview


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters