From 85643cb3ab1a3c8518d667266d56e48e43287635 Mon Sep 17 00:00:00 2001
From: michaelryanmcneill <michael@michaelryanmcneill.com>
Date: Tue, 28 Jan 2025 09:49:55 -0500
Subject: [PATCH] OSDOCS-13243: Removing references to Splunk Forwarder tcpout

---
 modules/cluster-wide-proxy-preqs.adoc         | 31 -----------------
 ...ws-privatelink-firewall-prerequisites.adoc | 19 -----------
 .../osd-gcp-psc-firewall-prerequisites.adoc   | 34 -------------------
 osd_whats_new/osd-whats-new.adoc              |  4 +++
 rosa_release_notes/rosa-release-notes.adoc    |  2 ++
 5 files changed, 6 insertions(+), 84 deletions(-)

diff --git a/modules/cluster-wide-proxy-preqs.adoc b/modules/cluster-wide-proxy-preqs.adoc
index 1c9edb82ef..c9099e69ae 100644
--- a/modules/cluster-wide-proxy-preqs.adoc
+++ b/modules/cluster-wide-proxy-preqs.adoc
@@ -54,36 +54,5 @@ When using a cluster-wide proxy, you must configure the `s3.<aws_region>.amazona
 |https/443
 |The https://cloud.redhat.com/openshift site uses authentication from sso.redhat.com to download the cluster pull secret and use Red Hat SaaS solutions to facilitate monitoring of your subscriptions, cluster inventory, and chargeback reporting.
 |===
-+
-** Your proxy must exclude re-encrypting the following site reliability engineering (SRE) and management URLs:
-+
-[cols="6,1,6",options="header"]
-|===
-|Address | Protocol/Port | Function
-|`*.osdsecuritylogs.splunkcloud.com`
-
-**OR**
-
-`inputs1.osdsecuritylogs.splunkcloud.com`
-`inputs2.osdsecuritylogs.splunkcloud.com`
-`inputs4.osdsecuritylogs.splunkcloud.com`
-`inputs5.osdsecuritylogs.splunkcloud.com`
-`inputs6.osdsecuritylogs.splunkcloud.com`
-`inputs7.osdsecuritylogs.splunkcloud.com`
-`inputs8.osdsecuritylogs.splunkcloud.com`
-`inputs9.osdsecuritylogs.splunkcloud.com`
-`inputs10.osdsecuritylogs.splunkcloud.com`
-`inputs11.osdsecuritylogs.splunkcloud.com`
-`inputs12.osdsecuritylogs.splunkcloud.com`
-`inputs13.osdsecuritylogs.splunkcloud.com`
-`inputs14.osdsecuritylogs.splunkcloud.com`
-`inputs15.osdsecuritylogs.splunkcloud.com`
-|tcp/9997
-|Used by the splunk-forwarder-operator as a log forwarding endpoint to be used by Red Hat SRE for log-based alerting.
-
-|`http-inputs-osdsecuritylogs.splunkcloud.com`
-|https/443
-|Used by the splunk-forwarder-operator as a log forwarding endpoint to be used by Red Hat SRE for log-based alerting.
-|===
 --
 
diff --git a/modules/osd-aws-privatelink-firewall-prerequisites.adoc b/modules/osd-aws-privatelink-firewall-prerequisites.adoc
index dda76a2a3f..dc0e883157 100644
--- a/modules/osd-aws-privatelink-firewall-prerequisites.adoc
+++ b/modules/osd-aws-privatelink-firewall-prerequisites.adoc
@@ -292,25 +292,6 @@ Alternatively, if you choose to not use a wildcard for Amazon Web Services (AWS)
 |443
 |Alerting service used by {product-title} to send periodic pings that indicate whether the cluster is available and running.
 
-|`.osdsecuritylogs.splunkcloud.com`
-OR
-`inputs1.osdsecuritylogs.splunkcloud.com`
-`inputs2.osdsecuritylogs.splunkcloud.com`
-`inputs4.osdsecuritylogs.splunkcloud.com`
-`inputs5.osdsecuritylogs.splunkcloud.com`
-`inputs6.osdsecuritylogs.splunkcloud.com`
-`inputs7.osdsecuritylogs.splunkcloud.com`
-`inputs8.osdsecuritylogs.splunkcloud.com`
-`inputs9.osdsecuritylogs.splunkcloud.com`
-`inputs10.osdsecuritylogs.splunkcloud.com`
-`inputs11.osdsecuritylogs.splunkcloud.com`
-`inputs12.osdsecuritylogs.splunkcloud.com`
-`inputs13.osdsecuritylogs.splunkcloud.com`
-`inputs14.osdsecuritylogs.splunkcloud.com`
-`inputs15.osdsecuritylogs.splunkcloud.com`
-|9997
-|Used by the `splunk-forwarder-operator` as a logging forwarding endpoint to be used by Red{nbsp}Hat SRE for log-based alerting.
-
 |`http-inputs-osdsecuritylogs.splunkcloud.com`
 |443
 |Required. Used by the `splunk-forwarder-operator` as a logging forwarding endpoint to be used by Red{nbsp}Hat SRE for log-based alerting.
diff --git a/modules/osd-gcp-psc-firewall-prerequisites.adoc b/modules/osd-gcp-psc-firewall-prerequisites.adoc
index 336041e257..0451f73f54 100644
--- a/modules/osd-gcp-psc-firewall-prerequisites.adoc
+++ b/modules/osd-gcp-psc-firewall-prerequisites.adoc
@@ -153,40 +153,6 @@ Managed clusters require the enabling of telemetry to allow Red Hat to react mor
 |443
 |Alerting service used by {product-title} to send periodic pings that indicate whether the cluster is available and running.
 
-|`*.osdsecuritylogs.splunkcloud.com`
-
-OR
-
-`inputs1.osdsecuritylogs.splunkcloud.com`
-
-`inputs2.osdsecuritylogs.splunkcloud.com`
-
-`inputs4.osdsecuritylogs.splunkcloud.com`
-
-`inputs5.osdsecuritylogs.splunkcloud.com`
-
-`inputs6.osdsecuritylogs.splunkcloud.com`
-
-`inputs7.osdsecuritylogs.splunkcloud.com`
-
-`inputs8.osdsecuritylogs.splunkcloud.com`
-
-`inputs9.osdsecuritylogs.splunkcloud.com`
-
-`inputs10.osdsecuritylogs.splunkcloud.com`
-
-`inputs11.osdsecuritylogs.splunkcloud.com`
-
-`inputs12.osdsecuritylogs.splunkcloud.com`
-
-`inputs13.osdsecuritylogs.splunkcloud.com`
-
-`inputs14.osdsecuritylogs.splunkcloud.com`
-
-`inputs15.osdsecuritylogs.splunkcloud.com`
-|9997
-|Used by the `splunk-forwarder-operator` as a logging forwarding endpoint to be used by Red{nbsp}Hat SRE for log-based alerting.
-
 |`http-inputs-osdsecuritylogs.splunkcloud.com`
 |443
 |Used by the `splunk-forwarder-operator` as a logging forwarding endpoint to be used by Red{nbsp}Hat SRE for log-based alerting.
diff --git a/osd_whats_new/osd-whats-new.adoc b/osd_whats_new/osd-whats-new.adoc
index 71cea18496..f135e33ad7 100644
--- a/osd_whats_new/osd-whats-new.adoc
+++ b/osd_whats_new/osd-whats-new.adoc
@@ -15,6 +15,10 @@ With its foundation in Kubernetes, {product-title} is a complete {OCP} cluster p
 [id="osd-new-changes-and-updates_{context}"]
 == New changes and updates
 
+[id="osd-q1-2025_{context}"]
+=== Q1 2025
+* **Red{nbsp}Hat SRE log-based alerting endpoints have been updated.** {product-title} customers who are using a firewall to control egress traffic can now remove all references to `*.osdsecuritylogs.splunkcloud.com:9997` from your firewall allowlist. {product-title} clusters still require the `http-inputs-osdsecuritylogs.splunkcloud.com:443` log-based alerting endpoint to be accessible from the cluster.
+
 [id="osd-q4-2024_{context}"]
 === Q4 2024
 
diff --git a/rosa_release_notes/rosa-release-notes.adoc b/rosa_release_notes/rosa-release-notes.adoc
index 0e6d6a20d0..18f26caee8 100644
--- a/rosa_release_notes/rosa-release-notes.adoc
+++ b/rosa_release_notes/rosa-release-notes.adoc
@@ -24,6 +24,8 @@ Egress lockdown is a Technology Preview feature.
 ====
 
 * **Egress lockdown is now available as a Technology Preview on {product-title} clusters.** You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the `--properties zero_egress:true` flag when creating your cluster. For more information, see xref:../rosa_hcp/rosa-hcp-egress-lockdown-install.adoc#rosa-hcp-egress-lockdown-install[Creating a {product-title} cluster with egress lockdown].
+
+* **Red{nbsp}Hat SRE log-based alerting endpoints have been updated.** {product-title} customers who are using a firewall to control egress traffic can now remove all references to `*.osdsecuritylogs.splunkcloud.com:9997` from your firewall allowlist. {product-title} clusters still require the `http-inputs-osdsecuritylogs.splunkcloud.com:443` log-based alerting endpoint to be accessible from the cluster. This is applicable only to Red{nbsp}Hat OpenShift Service on AWS (classic architecture).
 endif::openshift-rosa[]
 ifdef::openshift-rosa-hcp[]
 [IMPORTANT]