Set up a load balancer with an HAProxy® server
A Splunk Phantom cluster uses HAProxy as a load balancer to distribute requests between instances.
You can use a different load balancer. Your load balancer must be configured to:
- provide round-robin balancing
- support SSL/TLS
- handle redirection from HTTP to HTTPS services.
The HA Proxy server that serves a Splunk Phantom cluster with the default configuration will encrypt traffic from clients to the proxy, and from the proxy to the Phantom nodes. The traffic to the Phantom nodes is sent over port 443, but the certificates of the Phantom nodes do not require validation.
If you use a different load balancer when creating a Splunk Phantom cluster, see Configuration files in the Reference section for an HAProxy configuration to use as an example.
- Install and configure one of the supported operating systems according to your organization's requirements.
- Update SELinux and any firewalls to allow access to the ports for HAProxy, and your Splunk Phantom cluster nodes.
- Install HAProxy.
yum install haproxy
- Add SSL/TLS certificates to /etc/haproxy/certificates. These certificates are used to encrypt communications between the load balancer and clients.
Do not use a self-signed certificate in a production environment for client communications.
/etc/haproxy/haproxy.cfg. If the file does not exist, create it. Use the example file HAProxy Configuration as a guide. If you are creating an unprivileged cluster, make sure to include a directive for your custom HTTPS port such as:
bind *:443 ssl crt /etc/haproxy/certificates no-sslv3 no-tlsv10 ciphers <ciphers go here> # for unprivileged installs, add another declaration bind *:<your https port> ssl crt /etc/haproxy/certificates no-sslv3
- Set HAProxy to start when the system starts.
systemctl enable haproxy.service
- Start HAProxy.
systemctl start haproxy.service
Set up external file shares using GlusterFS
Set up Splunk Enterprise
This documentation applies to the following versions of Splunk® Phantom (Legacy): 4.8, 4.9, 4.10, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.6, 4.10.7