Splunk Cloud IP range

jodyglsi · ‎11-24-2014

Hi,

We are in the process of moving from Splunk on premise to Splunk Cloud and we need to configure LDAPS authentication (such a shame ADFS or SAML aren't supported!).
This requires we open up LDAPS on our firewall and for obvious reasons we want to limit this to only the IP's used by Splunk Cloud. Can anyone confirm these please?

Many thanks!

yannK · ‎09-11-2015

On large Splunkcloud deployments, use an nslookup on your search-head, and you will have the IP.
example : nslookup megazilla.splunkcloud.com
if you have several search-heads, use sh1.megazilla.splunkcloud.com sh2.megazilla.splunkcloud.com etc...

Remark : this does not apply to self service splunkcloud instances, as they use your splunk.com username for the authentication, and cannot use LDAP

For your indexers, use the same technique with the 5 dns load balanced addresses:
nslookup inputs1.megazilla.splunkcloud.com
nslookup inputs2.megazilla.splunkcloud.com
nslookup inputs3.megazilla.splunkcloud.com
nslookup inputs4.megazilla.splunkcloud.com
nslookup inputs5.megazilla.splunkcloud.com

.

mcronkrite · ‎09-01-2015

Contact Splunk Cloud Ops support and get the IPs of your Search Heads, and supporting management servers. Only your search heads should have direct user access. When you setup ldap.conf you will need to specify the secure port. Use good SSL certificates to complete the connection.

Splunk Cloud IP range

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...