About the Edge Processor solution
The Edge Processor solution is a data processing solution that works at the edge of your network. Use the Edge Processor solution to filter, mask, and transform your data close to its source before routing the processed data to external environments.
The Edge Processor solution is suitable for Splunk Enterprise administrators who use forwarders, syslog devices, or HTTP Event Collector (HEC) to get data into their deployments. You can use the Edge Processor solution on a Splunk Enterprise instance running version 10.0.0. Edge Processor is compatible with supported forwarder-indexer combinations where forwarders run on version 8.2.x or higher. See Compatibility between forwarders and Splunk Enterprise indexers for more information on forwarder-indexer version compatibility.
By paring down and sanitizing data before sending it out to Splunk indexes or Amazon S3 buckets, you can reduce data storage costs and help prevent confidential data from leaving your network. With the Edge Processor solution, you can also manage your data processing configurations and monitor your data ingest traffic through a centralized Splunk service.
Compare data management solutions
Edge Processor is one of multiple Splunk data management solutions that process and route data prior to indexing. To compare Edge Processor features, implementation, and processing capabilities to other data management offerings, see Explore Data Management Solutions.
How to use the Edge Processor solution
The Edge Processor solution combines Splunk-managed services, on-premises data processing software, and Search Processing Language, version 2 (SPL2) pipelines to support data processing at the edge of your network. The following table describes how these components work together and how you can use them:
| Component | Description | Usage |
|---|---|---|
| Edge Processor | A data processing engine that allocates resources for processing and routing data | You install Edge Processors on machines in your local network. Edge Processors provide an on-premises data plane that lets you reduce and sanitize your data before sending it outside of your network. |
| Edge Processor service | A service that enables managing Edge Processors | Splunk hosts the Edge Processor service as part of Splunk Enterprise. The Edge Processor service provides a control plane that lets you deploy configurations, monitor the status of your Edge Processors, and gain visibility into the amount of data that is moving through your network. |
| Pipeline | A set of data processing instructions written in SPL2, which is the data search and preparation language used by Splunk software | In the Edge Processor service, you create pipelines to specify what data to process, how to process it, and what destination to send the processed data to. Then, you apply pipelines to your Edge Processors to configure them to start processing data according to those instructions. |
By using the Edge Processor solution, you can process data in your own local network while also managing and monitoring your data ingest ecosystem from a self-managed service.
This diagram provides an overview of the following:
- The components that comprise the Edge Processor solution, hosted in your local environment. See the System architecture of the Edge Processor solution for more information.
- The path your data takes as it moves from source to destination through an Edge Processor. See the How data moves through the Edge Processor solution for more information.
Start using the Edge Processor solution
To start using the Edge Processor solution, you need to set up a data management control plane within your Splunk Enterprise deployment. See Set up a data management control plane for more information.
If you are the first Edge Processor user on your data management control plane, you need to complete a one-time setup procedure to fully activate the Edge Processor service. See First-time setup instructions for the Edge Processor solution for more information.
To start processing data at the edge of your network, you first need to install an Edge Processor on a machine in your network. Then, specify how you want to process and route your data by creating pipelines using SPL2. Finally, configure your data sources to send data to your Edge Processor. For more guidance on getting started, see Quick start: Process and route data using Edge Processors.
For in-depth information about the Edge Processor solution, see the How the Edge Processor solution works chapter.
See also
See the following documentation for more information about the Edge Processor solution and other Splunk software that works in conjunction with the Edge Processor solution.
| For this information | Refer to this documentation |
|---|---|
| System requirements that apply to the data management control plane | Setup prerequisites |
| Complete information about the supported SPL2 commands and functions | The following pages in the SPL2 Search Reference: |
| How to configure Splunk forwarders | The Forwarding Data manual |
| How to configure HEC | Set up and use HTTP Event Collector in Splunk Web |