Inter-sidecar communication

Learn about TLS end verification in inter-sidecar communication.

On the Splunk platform, a sidecar can communicate with other sidecars using one of the following connection types:

  • Through the Splunk REST API.

    • Sidecars communicate on the Splunk management port, which is the TCP/IP network port 8089.

    • If you specify settings, such as a serverCert value, in the [sslConfig] stanza of the server.conf file and reload the Splunk platform configuration, the Splunk REST API uses these settings.

    To learn more about the Splunk REST API, see Splunk REST API reference. To learn how to reload the Splunk platform configuration, see How to renew TLS certificates.

  • Through the direct port of the destination sidecar, for example, https://localhost:8194.

    • Each sidecar uses a server data plane certificate specified in the serverCertDataplane setting in the [dataplaneSslConfig] stanza of server.conf to secure its own data plane server. Through a Transport Layer Security (TLS) connection on the direct port, a connecting sidecar can verify the certificate of the destination sidecar.

      The splunkd process auto-generates all certificates when you start Splunk Enterprise the first time.

    • The Storage, Data Orchestration, Edge Processor Control Plane, and OpAmp sidecars, which support enhanced data management in Splunk Enterprise, use ephemeral certificate-based authorization: digital certificates generated for a specific task. These sidecars configure a server data plane certificate for each session.

The server certificates are not issued for the localhost name, so sidecars on the local host skip hostname verification during TLS connections.

Data management sidecars: the trust stores for TLS verification

Learn which trust stores the data management sidecars use for TLS verification, depending on the inter-sidecar connection type.

Each of the following sidecars uses a different trust store for Transport Layer Security (TLS) verification:
  • Storage

  • Data Orchestration

  • Edge Processor Control Plane

  • OpAmp

The trust store differs by connection type, as follows:

  • Connection type: Splunk REST API

    Trust store configured in server.conf: the value of the caTrustStorePath or sslRootCAPath setting in the [sslConfig] stanza. To learn about these settings, see Configure TLS certificates for communications on the Splunk management port.

  • Connection type: Through a direct port

    Trust store configured in server.conf: the value of the serverCertDataplane setting in the [dataplaneSslConfig] stanza. The Splunk platform uses this trust store for server data plane certificates.

Unsupported settings for sidecar loopback communication

Learn about the settings in the server.conf file that the data management sidecars do not support for loopback communication.

The data management sidecars (Storage, Data Orchestration, Edge Processor Control Plane, and OpAmp) do not support certain settings in the server.conf file that relate to loopback communication, that is, communication within the same host. The following settings are unsupported:

[sslConfig] stanza

  • requireClientCert

  • sslCommonNameToCheck

  • sslAltNameToCheck

[pythonSslClientConfig] stanza

  • sslVerifyServerName
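As an added example (not part of the Splunk documentation or product), the following script reads a server.conf fragment and reports which trust store each inter-sidecar connection type would use, then flags any of the loopback-unsupported settings listed above. The sample configuration and its file paths are constructed placeholders, and the script assumes server.conf parses as plain INI text.

```python
import configparser

# Constructed sample server.conf fragment (paths are placeholders, not Splunk defaults).
SAMPLE_SERVER_CONF = """\
[sslConfig]
serverCert = /example/auth/server.pem
sslRootCAPath = /example/auth/cacert.pem
requireClientCert = true

[dataplaneSslConfig]
serverCertDataplane = /example/auth/dataplane.pem

[pythonSslClientConfig]
sslVerifyServerName = true
"""

# Settings the documentation lists as unsupported for sidecar loopback communication.
UNSUPPORTED_LOOPBACK = {
    "sslConfig": {"requireClientCert", "sslCommonNameToCheck", "sslAltNameToCheck"},
    "pythonSslClientConfig": {"sslVerifyServerName"},
}

def parse_server_conf(text):
    """Parse an INI-style server.conf fragment, keeping Splunk's camelCase setting names."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # default ConfigParser lowercases keys; Splunk names are case-sensitive
    cp.read_string(text)
    return cp

def trust_stores(cp):
    """Report the trust store each inter-sidecar connection type would use."""
    ssl = cp["sslConfig"] if cp.has_section("sslConfig") else {}
    dataplane = cp["dataplaneSslConfig"] if cp.has_section("dataplaneSslConfig") else {}
    return {
        # REST API connections: whichever of the two [sslConfig] settings is present.
        "rest_api": {k: ssl[k] for k in ("caTrustStorePath", "sslRootCAPath") if k in ssl},
        # Direct-port connections: the server data plane certificate.
        "direct_port": dataplane.get("serverCertDataplane"),
    }

def unsupported_loopback_settings(cp):
    """Return (stanza, setting, value) for every unsupported loopback setting present."""
    found = []
    for stanza, names in UNSUPPORTED_LOOPBACK.items():
        if cp.has_section(stanza):
            for name in sorted(names & set(cp[stanza])):
                found.append((stanza, name, cp[stanza][name]))
    return found
```

Run it against a real server.conf by passing the file contents to parse_server_conf; a non-empty result from unsupported_loopback_settings means a setting the data management sidecars will ignore for loopback traffic is present.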