Use a forward Proxy Server for splunkd
You can set up an HTTP/S proxy server so that all HTTP/S traffic originating from splunkd flows through that proxy server. This lets you manage and control communication between different splunkd instances and lets you manage requests that splunkd makes over the Internet.
How it works
When a client (splunkd) sends a request to the HTTP proxy server, the forward proxy server validates the request.
- If a request is not valid, the proxy rejects the request and the client receives an error or is redirected.
- If a request is valid, the forward proxy checks whether the requested information is cached.
- If a cached copy is available, the forward proxy serves the cached information.
- If the requested information is not cached, the request is sent to an actual content server which sends the information to the forward proxy. The forward proxy then relays the response to the client.
This process configures Splunk to Splunk communication through a Proxy. The settings documented here do not support interactions outside of Splunk, for example:
- Access to Splunkbase via Splunk Web
- Splunk external lookups
- Actions that make a REST API call to an external service outside of a firewall
Configure a forward Proxy Server for splunkd
To set up HTTP Proxy Server support for splunkd:
1. Download and configure a HTTP proxy server and configure it to talk to splunkd on a Splunk node. Splunk Enterprise supports the following proxy servers:
- Apache Server 2.4
- Apache Server 2.2
- Squid Server 3.5
2. Configure splunkd proxy settings by setting the proxy variables in
server.conf or using the REST endpoints
Note: TLS Proxying is currently not supported, the proxy server must be configured to listen on a non-SSL port.
Configure user session timeouts
Install and configure your HTTP Proxy Server for splunkd
This documentation applies to the following versions of Splunk® Enterprise: 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 7.0.0, 7.0.1, 7.0.2