Splunk® Secure Gateway

Administer Splunk Secure Gateway

Splunk Secure Gateway is a default enabled application that's included in Splunk Cloud version 8.1.2103 and Splunk Enterprise version 8.1.0 and higher. An admin must agree to the opt-in notice before using Splunk Secure Gateway. See Get started with Splunk Secure Gateway to get started.
This documentation does not apply to the most recent version of Splunk® Secure Gateway. For documentation on the most recent version, go to the latest release.

Configure a securegateway.conf file

To modify the Splunk Cloud Gateway configuration, create a securegateway.conf file in the $SPLUNK_HOME/etc/apps/splunk_secure_gateway/local directory.

Here's a sample securegateway.conf file:

[setup]
spacebridge_server = <ASCII string>
* Set the address of the Spacebridge Service
* Default: prod.spacebridge.spl.mobi

log_level = ERROR|WARN|INFO|DEBUG
* This controls the log_level for application logs
* If you need more detailed logs set to DEBUG
* Default: INFO

async_timeout = <positive_integer>
* Set the request timeout in seconds seen at the async request level
* Default: 15

cluster_monitor_interval = <positive_integer>
* This setting controls the interval in which the Search Head will query if it is the Captain in a SHC
* The Splunk Secure Gateway currently processes all requests through the Captain in a SHC
* Default: 300


cluster_mode_enabled = <boolean>
* Enable cluster mode.  If enabled, the modular inputs will run on every member of the SHC.
  Disabled, it will only run on the captain.
* Default: false

mtls = <boolean>
* Enable Mutual TLS mode.  This is an advanced experimental feature and should not be adjusted without explicit
  instruction from Splunk.
* Default: false

[client]
request_timeout_secs = <positive_integer>
* Set the request timeout in seconds seen at the client level
* Default: 30

[websocket]
reconnect_max_delay = <positive_integer>
* When a websocket disconnects reconnection code retries with exponential back-off to a maximum value
* The reconnect_max_delay is the maximum reconnection delay in seconds
* Default: 60

[subscription]
manager_lifetime_seconds = <positive_integer>
* The subscription_manager_modular_input will run for a period defined by the manager_lifetime_seconds configuration
  before restarting the process
* Default: 3600

manager_interval_seconds = <positive_number>
* The subscription_manager_modular_input will poll new subscription requests from clients at an interval defined by the
  manage_interval_seconds
* If the Search Head instance is not performant this may be an option to reduce API calls to the host.
* Default: 0.1

[dashboard]
dashboard_list_max_count = <positive_integer>
* The dashboard_list_max_count setting will limit the number of dashboards returned in the dashboard list API
* If the dashboard list is timing out on clients this a helpful setting to limit the returned dashboards
* This is primarily a setting you would set while debugging an issue
* Default: 10000

[proxyConfig]
http_proxy = <string>
* If set, Splunk Secure Gateway App sends all HTTP requests through the proxy server that you specify.
* No Default.  Example formats:
* http_proxy = http://user:password@proxyIP:proxyPort
* http_proxy = user:password@proxyIp:proxyPort,
* http_proxy = http://proxyIp:proxyPort
* http_proxy = proxyIp:proxyPort

https_proxy = <string>
* If set, Splunk Secure Gateway App sends all HTTPS requests through the proxy server that you specify.
* No default.  Example formats:
* https_proxy = https://user:password@proxyIP:proxyPort
* https_proxy = user:password@proxyIp:proxyPort,
* https_proxy = https://proxyIp:proxyPort
* https_proxy = proxyIp:proxyPort


Last modified on 09 December, 2022
Change the Secure Gateway Deployment Name   Provide a QR code for SAML authentication log in with a hostname

This documentation applies to the following versions of Splunk® Secure Gateway: 2.4.0, 2.0.2, 2.5.6 Cloud Only, 2.5.7, 2.6.3 Cloud only, 2.7.3 Cloud only, 2.7.4, 2.8.4 Cloud only, 2.9.1 Cloud only, 2.9.3 Cloud only, 2.9.4 Cloud only, 3.0.9, 3.1.2 Cloud only, 3.2.0 Cloud only, 3.3.0 Cloud only


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters