Splunk® Enterprise

Admin Manual

Download manual as PDF

Download topic as PDF

Use a forward Proxy Server for splunkd

You can set up an HTTP/S proxy server so that all HTTP/S traffic originating from splunkd flows through that proxy server. This lets you manage and control communication between different splunkd instances and lets you manage requests that splunkd makes over the Internet.

How it works

When a client (splunkd) sends a request to the HTTP proxy server, the forward proxy server validates the request.

  • If a request is not valid, the proxy rejects the request and the client receives an error or is redirected.
  • If a request is valid, the forward proxy checks whether the requested information is cached.
    • If a cached copy is available, the forward proxy serves the cached information.
    • If the requested information is not cached, the request is sent to an actual content server which sends the information to the forward proxy. The forward proxy then relays the response to the client.

This process configures Splunk to Splunk communication through a Proxy. The settings documented here do not support interactions outside of Splunk, for example:

  • Access to Splunkbase via Splunk Web
  • Splunk external lookups
  • Actions that make a REST API call to an external service outside of a firewall

Configure a forward Proxy Server for splunkd

To set up HTTP Proxy Server support for splunkd:

1. Download and configure a HTTP proxy server and configure it to talk to splunkd on a Splunk node. Splunk Enterprise supports the following proxy servers:

  • Apache Server 2.4
  • Apache Server 2.2
  • Squid Server 3.5

2. Configure splunkd proxy settings by setting the proxy variables in server.conf or using the REST endpoints

Note: TLS Proxying is currently not supported, the proxy server must be configured to listen on a non-SSL port.

PREVIOUS
Configure user session timeouts
  NEXT
Install and configure your HTTP Proxy Server for splunkd

This documentation applies to the following versions of Splunk® Enterprise: 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 7.0.0


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters