Kinds of federated searches you can set up
This table lists the four kinds of federated searches that you can set up, and the Splunk Enterprise or Splunk Cloud Platform versions that those types of federated searches require.
| Kind of federated search | Local deployment | Remote deployment |
|---|---|---|
| Splunk Enterprise to Splunk Enterprise | Splunk Enterprise (version 8.2.0 or higher) | Splunk Enterprise (version 8.2.0 or higher) |
| Splunk Cloud Platform to Splunk Cloud Platform | Splunk Cloud Platform (version 8.1.2103 or higher) | Splunk Cloud Platform (version 8.1.2103 or higher) |
| Splunk Enterprise to Splunk Cloud Platform | Splunk Enterprise (version 8.2.0 or higher) | Splunk Cloud Platform (version 8.2.2104 or higher) |
| Splunk Cloud Platform to Splunk Enterprise (standard mode federated search only) | Splunk Cloud Platform (version 8.2.2203 or higher) | Splunk Enterprise (version 9.0.0 or higher) |
For more information about federated search modes, see About the standard and transparent modes.
If you have a Splunk Enterprise deployment that is lower than 8.2 and want to run federated searches without upgrading the entire deployment, you can upgrade a single search head in that deployment to 8.2 and run federated searches from that search head.
Splunk Cloud Platform environment and region support
Federated search supports Splunk Cloud Platform deployments in AWS, Google Cloud, and Microsoft Azure.
For the conditions and limitations that apply to region support for federated search in AWS and Google Cloud, including search between regions and the support of regulated cloud environments, see the coverage of federated search in the Splunk Cloud Platform Service Description.