Installation requirements for Edge Processors

Before installing an Edge Processor, make sure that the host that you're installing on meets the following requirements. Meeting these requirements and addressing issues arising from the host environment, including the hardware, operating system and network, is your responsibility.

Note: This is step 1 of 6 for using an Edge Processor to process data and route it to a destination. To see an overview of all of the steps, see Quick start: Process and route data using Edge Processors.

This diagram shows an overview of the steps required to set up and use an Edge Processor.

Hardware requirements

The host machine where you want to install an Edge Processor must meet the following system requirements.

Hardware | Specifications
CPU | 2 vCPUs
CPU architecture | x86 (64-bit)
Memory | 2 GB, assuming that 1 GB from this amount is used to run the operating system.
Disk space | 20 GB, assuming that the Edge Processor is configured to send data to 1 destination.

If the Edge Processor is configured to send data to multiple destinations, allocate an additional 5 GB of disk space per destination.

Note: To prevent data loss, Edge Processors store queued data on the hard drive of the host as needed.

To improve the performance of the Edge Processor, allocate resources beyond these minimum requirements.

Software requirements

The host machine where you want to install an Edge Processor instance cannot already have another Edge Processor instance installed on it. You must install each Edge Processor instance on a different machine.

Additionally, the system clock of the host machine must be synchronized with a Network Time Protocol (NTP) server. An incorrect system time can cause the Edge Processor installation to fail because security tokens are treated as having expired prematurely. For information about how to synchronize the system clock to an NTP server, refer to the documentation for your operating system.

Operating system support

You can only install Edge Processors on Linux servers that run kernel version 4.9.x or higher. The following Linux distributions are supported:

  • Amazon Linux 2
  • Debian 10 and 11
  • Red Hat Enterprise Linux (RHEL) 8.0 and higher
  • SUSE Linux Enterprise 15.0 and higher
  • Ubuntu 20.04 LTS and 22.04 LTS
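
The hardware, software and kernel requirements above can be checked on a candidate host before installation. The following script is an added example, not Splunk tooling; it assumes a systemd host for the clock check, and the 1800 MB memory floor is an assumption of the example.

```sh
#!/bin/sh
# Added example: preflight check for an Edge Processor host. Not Splunk tooling.

# Disk needed in GB: 20 GB covers 1 destination, plus 5 GB per additional one.
required_disk_gb() {
  dests=${1:-1}
  [ "$dests" -ge 1 ] || dests=1
  echo $(( 20 + 5 * ($dests - 1) ))
}

# Succeeds when a kernel release such as "5.15.0-91-generic" is 4.9 or higher.
kernel_supported() {
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%[!0-9]*}
  [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "${minor:-0}" -ge 9 ]; }
}

# timedatectl reports "System clock synchronized: yes" (older systemd:
# "NTP synchronized: yes"). Assumes a systemd host; fails if it is absent.
clock_synced() { timedatectl status 2>/dev/null | grep -Eiq 'synchronized: +yes'; }

# Runs one check: $1 = description, remaining arguments = command to evaluate.
check() {
  desc=$1; shift
  if "$@" >/dev/null 2>&1; then echo "ok    $desc"; else echo "FAIL  $desc"; failed=1; fi
}

# $1 = number of destinations, $2 = directory the instance will be installed in.
preflight() {
  dir=${2:-.}; failed=0
  need=$(required_disk_gb "${1:-1}")
  free=$(df -Pk "$dir" | awk 'NR==2 {print int($4 / 1048576)}')
  mem_mb=$(awk '/^MemTotal:/ {print int($2 / 1024)}' /proc/meminfo)
  check "CPU architecture is x86 (64-bit)" [ "$(uname -m)" = x86_64 ]
  check "2 or more vCPUs ($(nproc))" [ "$(nproc)" -ge 2 ]
  # MemTotal excludes kernel-reserved memory, so a 2 GB host reports slightly
  # less than 2048 MB; the 1800 MB floor is an assumption of this example.
  check "2 GB memory (${mem_mb} MB)" [ "$mem_mb" -ge 1800 ]
  check "${need} GB free disk in $dir (${free} GB)" [ "$free" -ge "$need" ]
  check "kernel 4.9 or higher ($(uname -r))" kernel_supported "$(uname -r)"
  check "system clock synchronized" clock_synced
  return "$failed"
}

if [ "${1:-}" = "--run" ]; then shift; preflight "$@"; fi
```

Run it with `--run`, the number of destinations and the installation directory; a non-zero exit status means at least one requirement is not met.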

Permissions requirements

Generally, you don't need root permissions to install and use an Edge Processor instance.

However, be aware that on Linux systems, port numbers lower than 1024 are privileged ports that require additional permissions in order to be bound. If you plan to configure your Edge Processors to use a port number lower than 1024 to listen for incoming data, then you must grant your Edge Processor instances the capability to bind to privileged ports, such as by running the instances with root permissions.

Network requirements

Configure your firewall settings and the ports on your host machines to allow your Edge Processors to communicate with data sources, data destinations, the Edge Processor service, and your Splunk platform deployment.

Firewall settings

The Edge Processors in your network must be able to communicate with the following external resources:

  • The Edge Processor service in your Data Management node
  • Any Splunk Enterprise deployments that are used as data destinations, including the deployment that hosts your Data Management node

Splunk collects information pertaining to the operational status of each Edge Processor. This includes information such as the amount of data that is being sent through the Edge Processors, as well as logs that track any events, warnings, or errors that have occurred.

Note: This collected data only contains information pertaining to the operational status of the Edge Processors. It does not contain any of the actual data that you are ingesting and processing through Edge Processors.

To allow your Edge Processors to communicate with these resources, make sure that your firewall allows access to the following URLs:

External resource | URLs
The Splunk Enterprise deployment that hosts your Edge Processor service, as well as any deployments that are used as data destinations | For each deployment, allow access to the following URL, where <localhost> is the host of the Splunk Enterprise deployment: https://<localhost>:8000

localhost ports

Edge Processors use the following ports associated with localhost or IP address 127.0.0.1 to support internal processes. Make sure that these ports are open for local loopback on the host machines where you're installing your Edge Processors.

You don't need to expose these ports to external traffic.

Port | Details
1777 | Edge Processors use port 1777 to send logs to the edge_diagnostic tool. You can run the edge_diagnostic tool manually and locally on the host machine of the Edge Processor. The tool compiles information from Edge Processor logs, but does not expose any information externally. For more information, see Generate a diagnostic report for an Edge Processor instance.
8888 | Edge Processors use port 8888 to send application health metrics to the control plane hosting the Edge Processor service. These metrics are viewable on the troubleshooting dashboard.

Inbound ports

Edge Processors use inbound ports to listen for data from data sources. Make sure that these ports are available and that your network policy allows them to be opened to incoming external traffic.

You can choose which port numbers to use for each supported type of inbound data. For more information, see Configure shared Edge Processor settings.

By default, Edge Processors are configured to use the following inbound ports to receive data:

Port | Type of data received
8088 | Data that's transmitted through HTTP Event Collector (HEC)
9997 | Data from Splunk forwarders

Note: Edge Processors support the ingestion of syslog data, but do not have a default inbound port configured for it. You must choose the port number for receiving syslog data. See Configure a port for receiving syslog data.

Outbound ports

Edge Processors use outbound ports to communicate with other components in your Splunk platform deployment and with external destinations. Make sure that these ports are available and that your network policy allows them to be opened to outgoing external traffic.

Port | Details
443 | Edge Processors use port 443 to send data to Amazon S3.
8089 | By default, Splunk uses port 8089 as the management port for the control plane. See Set up a data management control plane for more information. If you configured your data management control plane to use a different management port, ensure that the port you set is available to be used by Edge Processors.
9997 | By default, Edge Processors use port 9997 to send data to Splunk Enterprise and Splunk Cloud Platform.

If your Splunk platform deployments use ports other than 9997 to listen for incoming data, then you must configure your Edge Processors to use those ports instead and make sure that those ports are available.
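
To confirm that the ports an Edge Processor must bind are not already taken, and to spot a port choice below 1024 that needs the extra permissions described under Permissions requirements, the listening sockets on the host can be classified as follows. This is an added example, not Splunk tooling; the `ss -ltn` sample is constructed, and port 514 is an assumed syslog port choice.

```sh
#!/bin/sh
# Added example: port availability check for an Edge Processor host. Not Splunk tooling.

# Constructed sample of `ss -ltn` output, used so the example runs offline.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       4096    127.0.0.1:8888      0.0.0.0:*
LISTEN  0       128     [::]:9997           [::]:*'

# Reads `ss -ltn` output on stdin; prints each listening TCP port once.
listening_ports() {
  awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# $1 = port, $2 = `ss -ltn` output. Prints in-use, privileged or free.
port_status() {
  if printf '%s\n' "$2" | listening_ports | grep -qx "$1"; then
    echo in-use        # another process already listens on this port
  elif [ "$1" -lt 1024 ]; then
    echo privileged    # not taken, but binding needs additional permissions
  else
    echo free
  fi
}

# $1 = `ss -ltn` output, remaining arguments = ports the instance must bind.
# Prints "<port> <status>" per port; returns non-zero unless all are free.
check_ports() {
  ss_out=$1; shift; rc=0
  for port in "$@"; do
    st=$(port_status "$port" "$ss_out")
    echo "$port $st"
    [ "$st" = free ] || rc=1
  done
  return "$rc"
}

# Loopback ports 1777 and 8888, default inbound ports 8088 and 9997, and 514 as
# an assumed syslog port. On a real host, pass "$(ss -ltn)" instead of the sample.
check_ports "$SAMPLE_SS" 1777 8888 8088 9997 514 || true
```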