All Apps and Add-ons

Splunk Cloud (salesforce app) into Splunk Enterprise

DaveNorman
New Member

Hi all,

Apologies if this has been covered, i couldnt find the answer in a quick search.

Is it possible to utilise the Splunk Cloud solution, but port the data into an existing Splunk on-premise Enterprise solution?
- i believe the Salesforce app is Cloud only, but we'd like the data in the enterprise version.

Im not sure how this is done [not seen the Cloud solution, is it configurable to allow the data to be ported to Enterprise?] - im assuming this should not be an issue but if anyone has any info to point me in right direction that would be great.

in terms of speed of deployment/setup, im assuming as well this shouldnt be overly complex (<1day config to setup Spolunk Cloud and intergration config)

many thanks in advance.

0 Karma

barkanasi
Explorer

Hi,

We have just released a new module called 'SkyFormation Extend' that is doing exactly this.
"SkyFormation Extend © for Splunk extracts and enriches security events from multiple business cloud applications (e.g. Salesforce, Google App) and transforms them to unified and actionable stream of security events sent into the organization’s Splunk. SkyFormation Extend© sends its security events to Splunk where they can be stored, analyzed and acted upon according to the organization’s regulations and security needs.".

This is a Java app you can install at on-premise on any machine you want, and it will take you 5 minutes to set it up.

Please have a look at:
https://splunkbase.splunk.com/app/2932/

Feel more then welcome to ask me any question at asaf@skyformation.com

Best
Asaf
SkyFormation, CEO
www.skyformation.com

0 Karma

DaveNorman
New Member

we'd prefer to have the option of forwarder from cloud to enterprise, but it seems this can only be done enterprise forwarder to cloud, and not the other way around, so it looks like using a hybrid model instead may be the only option.

This sounds like the data would remain in the cloud, but able to search from enterprise - is there any info on how to implement this? (links to hybrid info) - not come across hybrid model, and information is a little light (http://docs.splunk.com/Documentation/SplunkCloud/latest/User/Overview - its mentioned in the first paragraph, but no supplementary documentation etc) - I assume that may be because its fairly straightforward to setup a hybrid env? - has anyone setup and used a hybrid model?

thanks in advance,

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Hybrid search from on-premises to Splunk Cloud, and vice-a-versa, is possible and straightforward to setup. If you contact your account rep, or open a ticket with support, they can provide the documentation on how to configure and set this up.

Within the next two to three weeks, we should also have something posted in docs on general steps required for this.

0 Karma

ehaddad_splunk
Splunk Employee
Splunk Employee

HI Dave,

At this point there are no option to fwd the data from Cloud to on prem. The data would still reside on the cloud. Setting up the hybrid model is pretty straight fwd. Please check out the Q&A section of the Salesforce App documentation for steps on how to set it up
https://splunkbase.splunk.com/app/1931/#/documentation

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...