Limitations for Splunk Cloud outgoing traffic

cfcsolutions · ‎04-03-2019

We will be using a Splunk app (https://splunkbase.splunk.com/app/4422/ disclaimer: we made this app) to send out alerts from Splunk Cloud instances.

Is the free Splunk cloud trial limited somehow in outgoing traffic?
Is there any difference with a non-trial version?
Is there any settings/rules that we should do to allow this traffic?
From which component would the traffic go out? This is useful for us to whitelist this traffic.

felsherif_splun · ‎04-03-2019

Same as licensed Splunk Cloud, 5% of daily ingest for optimal performance, check out the FAQ for more details too, https://docs.splunk.com/Documentation/SplunkCloud/latest/FAQs/FAQs#Splunk_Cloud_Free_Trial_FAQ
Assuming your alerts app alerting on search results like other alerts, then the recommended search results egress through API or even gui again is no more than 5% of ingested data, check also Splunk Cloud service description https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice
You may have to submit a Support request to open the API port on your Splunk Cloud stack
Ensure SSL - TCP 443 and API - TCP 8089 are allowed at your end, and yes you could request whitelist via a Support ticket too