November, the season of post-conf, is upon us. Hopefully all you Splunk admins and sc_admins are craving the release of a ton of new .conf21 Splunk features. Well, good news, because Connected Experiences is here to help you get started with everything Splunk Mobile, Augmented Reality, TV and iPad with this one handy guide. Let’s get started!
How Does It All Work?
First, let’s familiarize ourselves with the Connected Experiences product line. Specifically, let’s start with two backend products that facilitate the secure transfer and management of your Splunk data. The first, Splunk Secure Gateway, is a Splunk app that lets you administer and manage your fleet of mobile devices at scale. It’s also where authorized users can register their mobile devices.
Next, let’s discuss the second backend product, Spacebridge. Spacebridge is a cloud-hosted service that securely routes data between Splunk platform instances and connected devices. As of February 2021, Spacebridge has been certified to meet SOC2, Type 2, and ISO27001 standards and is HIPAA and PCI-DSS compliant.
Overall, packets of requested data are collected by Splunk Secure Gateway, then passed through Spacebridge to authorized mobile devices. End to end encryption is used throughout this process, meaning that only the correct mobile device can decrypt the data and view Splunk data — not even Spacebridge sees Splunk data!
How Can I Make It Happen For My Splunk Instance?
Great! Now we know how our data gets to mobile. Let’s go over how to make this happen in your organization. To begin using Connected Experiences, start by ensuring that you’re using one of the following Splunk platform versions:
- Splunk Cloud Platform 8.1.2103 or higher
- Splunk Enterprise 8.1 or higher
The Secure Gateway Splunk app is already included in these Splunk platform versions, with more recent Splunk releases carrying new and improved SSG features. To get started, simply enable SSG and/or click into the app from the Splunk app list. After completing the in-app admin/sc_admin onboarding steps, Spacebridge is automatically configured on the administrator’s behalf meaning no manual port management is needed. At this point, all Splunk users can take advantage of Connected Experiences by registering mobile devices under their Splunk user.
On the topic of Splunk users, let’s talk about user management. Connected Experiences is built right on top of Splunk's core authentication system and uses Splunk’s role-based access controls (RBAC) rules, meaning users accessing data on mobile devices have the same access as they would on the web. Also in line with the web experience, the mobile device is valid as long as the credentials used at the time of the registration are still valid. If the credentials become invalid, the application automatically logs out the user at the next application load, cutting off access to the Splunk platform instance.
Connected Experiences supports both local and SAML account types, and a variety of SAML Identity Providers (IdP). To take advantage of SAML with Connected Experiences, administrators must complete these steps:
- Connect your Splunk platform to a supported SAML IdP using scripted authentication or Attribute Query Request (AQR)
- Enable tokens in Splunk
For detailed information about the above steps, check out our Splunk SAML documentation here.
Finally, at .conf21 a new feature was released called App and Dashboard Selection. Named for exactly what it offers, App & Dashboard Selection allows admins to select exactly which Splunk apps should be sent to Connected Experiences applications. Then, admins can also choose to route certain dashboards to each CX platform (mobile, AR, TV, iPad), giving admins the ultimate customization over their entire CX deployment.
Check Out Some Demos!
After all that reading, we now have an idea of (1) how the data gets to mobile, (2) how to unlock mobile for your Splunk instance, and (3) how user management works. But, you don’t have to take my word for it — check out this video that demos the above topics and shows you how to make it all happen! Plus, if you’re looking for more in-depth content, it’s also worth watching our .conf21 session Get Started with Connected Experiences, which goes into more details about the security and architecture of Connected Experiences, along with more real world examples.
All in all, we hope these new features, like App & Dashboard Selection or QR Code registration, make it easier than ever to get started with Splunk Mobile, AR, TV and Splunk for iPad. For all you admins out there, I hope this guide serves as a helpful and inspirational guide as you dive into Connected Experiences and unleash your Splunk data for your organization.
This article was co-authored by Dylan Conway, Product Manager for Mobile, and Jesse Chor, VP of Engineering.