Docs » Authentication and Security » Allow Splunk Observability Cloud services in your network

Allow Splunk Observability Cloud services in your network đź”—

A number of different services make up Splunk Observability Cloud. If your organization has stringent networking security policies that apply to sending data to third parties, use one of the following methods to ensure network access to Splunk Observability Cloud services:

Note

If you write to http://domain/path, the request must happen on port 80. Similarly, if you write to https://domain/path, the request must happen on port 443. If you want to use a different port, you must use http[s]://domain:port/path

Use a simple HTTP/HTTPS proxy đź”—

If you can get out to the internet using a proxy, then using an HTTP/HTTPS proxy is your simplest option.

Ensure that you give the proxy the ability to resolve the network names and make outbound HTTP/HTTPS network connections to the URLs listed in URLs to allow in your network or the domains listed in Domains to allow in your network.

Use the Splunk Distribution of the OpenTelemetry Collector đź”—

Use the Splunk Distribution of OpenTelemetry Collector in data forwarding (gateway) mode. You can forward metrics locally to the Splunk Distribution of OpenTelemetry Collector, which serves as your local store-and-forward service for telemetry.

Ensure that you give the Splunk Distribution of OpenTelemetry Collector the ability to resolve the network names and make outbound HTTPS network connections to the URLs listed in URLs to allow in your network or the domains listed in Domains to allow in your network. Verify also the list of exposed ports and endpoints.

Configure proxy settings for the Collector đź”—

You might have to configure proxy settings for two separate actions:

  • Download the Collector files, either through the installer script or manually.

  • Allow the Collector to send telemetry through the inline or transparent proxy.

To configure proxy settings, set one of the following environment variables according to your needs and following the best practices for your environment and platform:

  • HTTP_PROXY: The HTTP proxy address

  • HTTPS_PROXY: The HTTPS proxy address

  • NO_PROXY: If you have a proxy, this option sets addresses that don’t use the proxy

The following examples show how to set the HTTP_PROXY and HTTPS_PROXY environment variable for hosts and containers:

# Edit the example systemd environment file in
# /etc/otel/collector/splunk-otel-collector.conf.example

NO_PROXY=<address,anotheraddress>
HTTP_PROXY=http://<proxy.address:port>
HTTPS_PROXY=http://<proxy.address:port>

Restart the Collector after adding these environment variables to your configuration.

URLs to allow in your network đź”—

Note

About realms

A realm is a self-contained deployment of Splunk Observability Cloud in which your organization is hosted. Different realms have different API endpoints. For example, the endpoint for sending data in the us1 realm is https://ingest.us1.signalfx.com, while the endpoint for sending data in the eu0 realm is https://ingest.eu0.signalfx.com.

When you see a placeholder realm name in the documentation, such as <YOUR_REALM>, replace it with your actual realm name. To find your realm name, open the navigation menu in Splunk Observability Cloud, select Settings, and select your username. Locate the realm name in the Organizations section If you don’t include the realm name when specifying an endpoint, Splunk Observability Cloud defaults to the us0 realm.

If your organization’s networking security policies require you to individually allow services delivered over the internet, ensure that you allow the following service URLs on your network:

\*.signalfx.com

\*.<YOUR_REALM>.signalfx.com

You also need to allow the following URLs:

  • packages.treasuredata.com

  • splunk.jfrog.io

  • jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com

If you’re unable to allow all the URLs listed in this section, see Domains to allow in your network.

Domains to allow in your network đź”—

If you’re unable to allow all URLs as described in URLs to allow in your network, ensure that you allow the following domains on your network:

# Splunk Observability Cloud API base URL (https://dev.splunk.com/observability/docs/apibasics/api_list)
api.<YOUR_REALM>.signalfx.com

# Splunk Observability Cloud user interface
app.<YOUR_REALM>.signalfx.com
customer-api.<YOUR_REALM>.signalfx.com

# CDN for Splunk Observability Cloud files and installers
# Note that files might be hosted on Github.com
dl.signalfx.com

# Backfill API base URL (https://dev.splunk.com/observability/reference/api/backfill/latest)
backfill.<YOUR_REALM>.signalfx.com

# Data ingest API base URL (https://dev.splunk.com/observability/docs/datamodel/ingest/)
ingest.<YOUR_REALM>.signalfx.com

# SignalFlow API base URL (https://dev.splunk.com/observability/reference/api/signalflow/latest)
stream.<YOUR_REALM>.signalfx.com

# RUM ingest endpoint
rum-ingest.<YOUR_REALM>.signalfx.com/v1/rum

# For td-agent/Fluentd on Linux and Windows
packages.treasuredata.com

# For DEB/RPM collector packages
splunk.jfrog.io
jfrog-prod-use1-shared-virginia-main.s3.amazonaws.com

Note

For more information, see the Endpoint Summary topic in the Splunk Observability Cloud Developer Guide.

This page was last updated on May 28, 2024.