
Install and configure

Install Hydrolix Search from Splunkbase.

In Splunk, go to Apps > Find More Apps, search for Hydrolix Search, and click Install. The installation may require logging in to Splunkbase with a Splunk account.

Required Splunk permissions

To run queries, users need the search and list_storage_passwords capabilities.

Assigning a user the admin or sc_admin role provides the required access.

For finer-grained access control, create a custom role:

  1. Create a Splunk role (hdxsearch_write in this example) with the following permissions:

    • list_storage_passwords
    • edit_storage_passwords
    • admin_all_objects
  2. Add this stanza to the metadata/local.meta file:

    metadata/local.meta
    [passwords/credential%3Ahdxsearch_realm%3Apassword%3A]
    access = read : [ * ], write : [ admin, hdxsearch_write, power, sc_admin ]
    

    This stanza grants write access to Hydrolix credential storage. The admin, sc_admin, and power roles are pre-defined in Splunk; hdxsearch_write is a custom role. Only roles listed under write can use the setup page to add or update credentials.

Assign a user the hdxsearch_write role to add Hydrolix cluster credentials.
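
The following check is an added example, not part of the Hydrolix app or its documentation. It reads a local.meta file and reports any difference between the write list on the Hydrolix credential object and the roles named in the stanza above; the second stanza in the drifted sample is constructed for illustration.

```python
import re

# Stanza name and writer roles as given on the page.
STANZA = "passwords/credential%3Ahdxsearch_realm%3Apassword%3A"
EXPECTED_WRITERS = {"admin", "hdxsearch_write", "power", "sc_admin"}

# Constructed samples: the page's stanza, and a drifted copy of it.
PAGE_META = """
[passwords/credential%3Ahdxsearch_realm%3Apassword%3A]
access = read : [ * ], write : [ admin, hdxsearch_write, power, sc_admin ]
"""
DRIFTED_META = """
[views]
access = read : [ * ], write : [ * ]

[passwords/credential%3Ahdxsearch_realm%3Apassword%3A]
access = read : [ * ], write : [ admin, hdxsearch_write, user, * ]
"""

def find_access(text, stanza=STANZA):
    """Return the access value of one stanza, or None if it is absent."""
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == stanza and re.match(r"access\s*=", line):
            return line.split("=", 1)[1].strip()
    return None

def parse_access(value):
    """Split 'read : [ a, b ], write : [ c ]' into sets of role names."""
    acl = {"read": set(), "write": set()}
    for op, roles in re.findall(r"(read|write)\s*:\s*\[([^\]]*)\]", value):
        acl[op] = {r.strip() for r in roles.split(",") if r.strip()}
    return acl

def audit_writers(text, expected=EXPECTED_WRITERS):
    """List deviations from the documented write ACL on the credential object."""
    value = find_access(text)
    if value is None:
        return ["credential stanza not found"]
    writers = parse_access(value)["write"]
    findings = []
    if "*" in writers:
        findings.append("every role can write Hydrolix credentials")
    findings += [f"unexpected writer: {r}" for r in sorted(writers - expected - {"*"})]
    findings += [f"documented writer missing: {r}" for r in sorted(expected - writers)]
    return findings
```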

Add and configure clusters

Configure one or more Hydrolix clusters to make them available as data sources in Splunk.

Set cluster credentials

After installation, go to Apps > Manage Apps, find Hydrolix Search in the list, and click Set up.

  1. Select the authentication method: user credentials or a service account token. For information on creating a service account and associated tokens, see Manage Service Accounts.

    [Figure: Two cluster configurations, one using typical credentials, the other an authorization token]

  2. Fill in the configuration fields:

    | Field Name | Description | Example |
    | --- | --- | --- |
    | Cluster Name | The name used to refer to this cluster in Splunk Search Processing Language (SPL) queries | cluster-1 |
    | Host:Port | The hostname (and optional port number) of the Hydrolix cluster | ${HDX_HOSTNAME}.hydrolix.live:443 |
    | Username | The username for authenticating with the Hydrolix cluster | user@domain.tld |
    | Password | The password for the above user | example-password |
    | API Token | The token, associated with a service account, used for authorization to a Hydrolix cluster. See authorization tokens for more information. | eyJhbGci... |
    | Default result count limit | The maximum number of records to retrieve per query (unless overridden by the query) | 5000 |

    Splunk Cloud: Use port 443 or don't specify a port

    The default network rules for Splunk Cloud prohibit outbound TCP connections on port 8088. Configure port 443 or omit a port entirely. Configuring port 8088 may result in 404 responses in the Splunk console when querying the Hydrolix cluster.

  3. Click MAKE DEFAULT CLUSTER on the right side of the cluster row to set it as the default.

  4. (Optional) Choose OR ADD CLUSTER and fill in the configuration fields for each additional cluster.
  5. Select SAVE CHANGES. Saving changes overwrites any existing settings.

Splunk redirects to the query screen of the Hydrolix Search for Splunk application.

Configure proxy

To configure per-cluster proxy settings for Splunk instances that connect to Hydrolix clusters through an HTTP proxy:

  1. Edit $SPLUNK_HOME/etc/apps/hdxsearch/local/hdxsearch.conf.

    1. Create the file if it doesn't exist.
  2. Add a [proxies] stanza with a proxies key containing a JSON array. Each entry in the array maps one cluster to one proxy:

    local/hdxsearch.conf
    [proxies]
    proxies = [{"cluster": "my-cluster", "protocol": "http", "host": "proxy.example.com", "port": 8080}]
    

Each proxy entry supports the following fields:

| Field | Required | Description |
| --- | --- | --- |
| cluster | Yes | The cluster name as configured on the setup page. Must match exactly. |
| protocol | Yes | The proxy protocol: http or https. |
| host | Yes | The hostname or IP address of the proxy. |
| port | Yes | The port number of the proxy. |
| user | No | Username for proxy authentication. |
| password | No | Password for proxy authentication. |

To configure proxy authentication, include the user and password fields. The proxy password is written in clear text in hdxsearch.conf, so limit who can read that file:

local/hdxsearch.conf
[proxies]
proxies = [{"cluster": "my-cluster", "protocol": "http", "host": "proxy.example.com", "port": 8080, "user": "proxyuser", "password": "proxypass"}]

To route different clusters through different proxies, add multiple entries to the array:

local/hdxsearch.conf
[proxies]
proxies = [{"cluster": "cluster-1", "protocol": "http", "host": "proxy-us.example.com", "port": 8080}, {"cluster": "cluster-2", "protocol": "http", "host": "proxy-eu.example.com", "port": 8080}]

Clusters with no matching entry in the proxies array connect directly without a proxy.

Restart Splunk after saving changes to hdxsearch.conf for the configuration to take effect.
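
The following pre-restart check is an added example, not code from the Hydrolix app. It parses the [proxies] stanza, applies the field rules from the table above, and reports how each configured cluster would connect, so a cluster that would fall back to a direct connection because its name does not match exactly is visible before the restart. The sample file content is constructed, and requiring user and password together is an assumption.

```python
import configparser
import json

REQUIRED = ("cluster", "protocol", "host", "port")  # "Required: Yes" in the table

# Constructed sample: entry 1 differs in case and uses an unsupported protocol,
# entry 2 omits the port.
SAMPLE_CONF = """
[proxies]
proxies = [{"cluster": "cluster-1", "protocol": "http", "host": "proxy-us.example.com", "port": 8080}, {"cluster": "Cluster-2", "protocol": "socks5", "host": "proxy-eu.example.com", "port": 8080, "user": "proxyuser"}, {"cluster": "cluster-1", "protocol": "https", "host": "proxy-eu.example.com"}]
"""

def check_proxies(conf_text, configured_clusters):
    """Return (routes, problems) for the clusters named on the setup page."""
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.read_string(conf_text)
    try:
        entries = json.loads(cp.get("proxies", "proxies", fallback="[]"))
    except json.JSONDecodeError as exc:
        return {}, [f"proxies is not valid JSON: {exc.msg}"]
    if not isinstance(entries, list):
        return {}, ["proxies must be a JSON array"]
    # Clusters with no matching entry connect directly, so start from that.
    routes = {name: "direct" for name in configured_clusters}
    problems = []
    for i, e in enumerate(entries):
        missing = [k for k in REQUIRED if k not in e] if isinstance(e, dict) else list(REQUIRED)
        if missing:
            problems.append(f"entry {i}: missing {', '.join(missing)}")
            continue
        errs = []
        if e["protocol"] not in ("http", "https"):
            errs.append("protocol must be http or https")
        if not (isinstance(e["port"], int) and 0 < e["port"] < 65536):
            errs.append("port must be an integer from 1 to 65535")
        if ("user" in e) != ("password" in e):  # assumption: auth needs both fields
            errs.append("user and password must be set together")
        if e["cluster"] not in routes:  # exact, case-sensitive match
            errs.append(f"no configured cluster named {e['cluster']!r}")
        elif routes[e["cluster"]] != "direct":
            errs.append(f"second entry for {e['cluster']!r}")
        if errs:
            problems += [f"entry {i}: {m}" for m in errs]
        else:
            routes[e["cluster"]] = f"{e['protocol']}://{e['host']}:{e['port']}"
    return routes, problems
```

Pass the cluster names exactly as entered on the setup page; any cluster reported as `direct` would bypass the proxy.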

Reconfigure an existing cluster

  1. Go to Apps > Manage Apps.
  2. Type Hydrolix in the search box and under Actions, click Set up.

The cluster configuration screen opens, populated with the currently configured clusters.