Announcing AWS PrivateLink Support on Splunk Cloud Platform

By Vineet Vashist

Moving to Splunk Cloud Platform has a lot of benefits, including flexibility, agility, and scalability. However, we understand that migrating to cloud is not a trivial task and can also bring up security concerns especially when it comes to having your data traverse the internet.

By default, Splunk Cloud Platform addresses this concern by enabling encryption of data in flight using TLS 1.2+ for ingest and HTTPS for search data. While our industry-leading standards meet the security requirements of the majority of Splunk Cloud Platform customers, organizations in highly regulated environments require additional capabilities to help ensure their compliance and security needs are met. For a subset of customers in the financial, healthcare, and public sector — sending their mission-critical data over the public internet (or publicly accessible IPs) had been a soaring pain point, thwarting their transition to cloud.

We wanted to eliminate this barrier!

I am excited to announce support for private connectivity on the Splunk Cloud Platform through AWS PrivateLink. Private Connectivity enables our customers in regulated environments with an AWS presence to send data (Forwarder and HEC traffic) as well as access search tier of their Splunk Cloud stack over private endpoints, without ever exposing it over the public internet.

As a true SaaS provider, we want to offer solutions that are scalable, widely acceptable, and easy to onboard, all while ensuring your needs are being met. Through AWS PrivateLink and Splunk Cloud's self-service capabilities (Admin Config Service APIs), we provide a seamless onboarding experience for customers seeking private connectivity in their environment.

Sending data through private connectivity offers several benefits:

Security

Unidirectional network communications: The connection is always initiated from your AWS VPC (service consumer) and flows into the Splunk Cloud Platform through service endpoints configured specifically for your Splunk Cloud stack. The VPC endpoint service on the Splunk stack is configured to only permit connections from AWS Account IDs provided by you.
Clearly defined security boundaries: You can configure security group(s) and create endpoint policies that apply to service endpoints and Splunk controls. These security groups help ensure that the service endpoints are only exposed to connections over Private Connectivity

Simplified Operations

Designed to work with overlapping CIDR blocks: Using AWS PrivateLink eliminates the need for coordinating and negotiating IP address spaces, allowing for better manageability as your needs scale.
Requires minimal DNS registration of private IP addresses: Since there is no need to coordinate IP space and routing, you are in complete control of provisioning and managing the DNS records required to resolve to Splunk’s endpoint service.

Bolster Your Compliance Posture

By preventing your mission-critical data from traversing the internet, private connectivity reduces your exposure to threats and helps you expand your Splunk Cloud Platform – all while working within your security and compliance boundaries.

Availability Overview (Updated January 2024)

Private connectivity is available as an opt-in connectivity option for:

All new and existing AWS commercial customers & FedRAMP moderate subscriptions on GovCloud
Ingest Data sent to Splunk Cloud Platform from Universal forwarders, Heavy forwards or HEC endpoint & incoming Search, API and UI access traffic can be enabled to flow over AWS Private link
Customers have the flexibility to only choose endpoints that need to traverse via private connectivity – Data Ingest only Search tier only, or both
Support for mix connectivity mode (public and private) by default – this is critical for our existing customers to seamlessly onboard without facing service disruptions as well as in keeping additional public connectivity routes available as-is
At no additional cost* to onboard on Splunk Cloud Platform

You can learn more about the functionality and evaluate if it is the right choice for you by reviewing the private connectivity Overview and the Getting started guide.

^{*Customers are responsible for AWS data transfer costs associated with their VPC. For more info, refer to AWS Private link pricing.}

^{AWS is a trademark of Amazon.com, Inc. or its affiliates.}

Dashboard Studio: Level-Up Your App with Dashboard Studio

We reimagined the dashboards in the Microsoft 365 App for Splunk using Dashboard Studio, and you can too!

Platform 6 Min Read

Walkthrough to Set Up the Deep Learning Toolkit for Splunk with Amazon EKS

Splunk DLTK supports Docker as well as Kubernetes and OpenShift as container environments. In this article, we will go through the setup for using DLTK 3.3 and Amazon EKS as a kubernetes environment.

Platform 2 Min Read

Data Manager Enables Microsoft Azure Data Onboarding!

We're excited to share that Data Manager now supports the onboarding of Microsoft Azure data sources, allowing you to use the same Data Manager application in your Splunk Cloud Platform to onboard critical Azure data sources to generate actionable insights in Splunk.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.