Skip to main content
Want the ultimate Splunk learning experience? Head to Boston a few days before .Conf25 to attend Splunk University!

Click for registration options.
Lantern Home

 

Splunk Lantern

Splunk over IPv6 runbook for Splunk Cloud Platform customers

  1. Last updated
  2. Save as PDF

 

This article provides step-by-step instructions on enabling the IPv6 traffic in a DualStack mode for Splunk Cloud Platform deployments.

Prerequisites

If you use Splunk ITSI or Splunk Enterprise Security, you might need to update your Splunk Cloud Platform version, which might require scheduling the maintenance window. In addition, you will need to upgrade the premium applications to the following versions.

IPv6 is not supported on any other Splunk premium apps.

Procedure 

  1. Contact your Splunk Solution Engineer or Regional Sales Manager to let them know you want to enable the IPv6 traffic in a DualStack mode for Splunk Cloud Platform.
  2. Work with your Solution Engineer to assess readiness, considering third-party integrations, Splunkbase apps, and network customizations.
  3. Your Solution Engineer provides you with Splunk IPv6 addresses.
  4. Update the firewall rules to let IPv6 traffic flow from and to Splunk Cloud Platform.

    You might need to go through a multi-step compliance process to update the firewall.

  5. Email your Splunk Solution Engineer or Regional Sales Manager to inform them that the firewall has been updated.
  6. The Splunk TechOps team determines the process for enabling IPv6. 
  7. The Splunk TechOps team notifies you that the IPv6 traffic in a DualStack is successfully enabled, and the traffic to and from Splunk Cloud Platform flows over IPv6.
  8. Splunk recommends that you keep the IPv4 addresses and IPv4 firewall rules so that in case of any issues with IPv6, the traffic will fall back to IPv4, and thanks to the DualStack mode, no data will be lost. This will ensure a smooth transition period. You can later turn off IPv4 traffic to achieve an IPv6-only setup. While doing so, remember to allowlist IPv6 subnets in the Admin Config Service to make the connection to Search Head, Input Data Manager, HTTP Event Collector (HEC), and via the Splunk-to-Splunk (S2S) protocol possible. You must do this first from your IPv4 subnets before you cut over to avoid losing access.