Allow Splunk Observability Cloud services in your network 🔗
Splunk Observability Cloud is composed of a number of different services. If your organization has stringent networking security policies that apply to sending data to third parties, use one of the following methods to ensure network access to Splunk Observability Cloud services:
Use a simple HTTP/HTTPS proxy 🔗
If you can get out to the internet using a proxy, then using an HTTP/HTTPS proxy is your simplest option.
Ensure that you give the proxy the ability to resolve the network names and make outbound HTTP/HTTPS network connections to the URLs listed in URLs to allow in your network or the domains listed in Domains to allow in your network.
Use Splunk OpenTelemetry Collector 🔗
Use Splunk OpenTelemetry Collector in gateway mode. You can forward metrics locally to Splunk OpenTelemetry Collector and it will serve as your local store-and-forward service for telemetry.
Ensure that you give Splunk OpenTelemetry Collector the ability to resolve the network names and make outbound HTTPS network connections to the URLs listed in URLs to allow in your network or the domains listed in Domains to allow in your network.
Replace the SignalFx Gateway with Splunk OpenTelemetry Collector 🔗
If you are using the SignalFx Gateway, replace it with the Splunk OpenTelemetry Collector running in gateway mode.
URLs to allow in your network 🔗
Note about realms
A realm is a self-contained deployment of Splunk Observability Cloud in which your organization is hosted. Different realms have different API endpoints. For example, the endpoint for sending data in the
us1 realm is
https://ingest.us1.signalfx.com, while the endpoint for sending data in the
eu0 realm is
When you see a placeholder realm name in the documentation, such as
<YOUR_REALM>, replace it with your actual realm name. To find your realm name, open the left navigation menu in Observability Cloud, select , and select your username. The realm name appears in the Organizations section. If you don’t include the realm name when specifying an endpoint, Observability Cloud defaults to the
If your organization’s networking security policies require that services delivered over the internet be individually allowed, ensure that the following service URLs are allowed by your network.
If you are unable to allow all URLs as shown here, see Domains to allow in your network.
Domains to allow in your network 🔗
If you are unable to allow all URLs as described in URLs to allow in your network, ensure that the following domains are allowed by your network.
# SignalFx API base URL (https://dev.splunk.com/observability/docs/apibasics/api_list) api.<YOUR_REALM>.signalfx.com # Splunk Observability Cloud user interface app.<YOUR_REALM>.signalfx.com customer-api.<YOUR_REALM>.signalfx.com # CDN for Splunk Observability Cloud files and installers dl.signalfx.com # Backfill API base URL (https://dev.splunk.com/observability/reference/api/backfill/latest) backfill.<YOUR_REALM>.signalfx.com # Data ingest API base URL (https://dev.splunk.com/observability/docs/datamodel/ingest/) ingest.<YOUR_REALM>.signalfx.com # SignalFlow API base URL (https://dev.splunk.com/observability/reference/api/signalflow/latest) stream.<YOUR_REALM>.signalfx.com # For td-agent/Fluentd on Linux and Windows packages.treasuredata.com # For DEB/RPM collector packages splunk.jfrog.io
For more information, see Endpoint Summary in the Developer Guide.