Splunk® Enterprise

Admin Manual

Download manual as PDF

Download topic as PDF

Configure splunkd to use your HTTP Proxy Server

You can set up an HTTP proxy server for splunkd so that all HTTP/S traffic originating from splunkd flows through the proxy server.

To set up a proxy server for splunkd, you can either configure Splunk's proxy variables in server.conf or configure the REST endpoints.

This process configures Splunk to Splunk communication through a Proxy. The settings documented here do not support interactions outside of Splunk, for example:

  • Access to Splunkbase via Splunk Web
  • Splunk external lookups
  • Actions that make a REST API call to an external service outside of a firewall

Edit server.conf to configure splunkd to work with your server proxy

[proxyConfig]
http_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTP requests through this proxy server. The default value is unset.> 
https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.>  
no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">

Use REST endpoints to configure splunkd to work with your server proxy

You can also configure splunkd to work with your HTTP proxy server by modifying the /services/server/httpsettings/proxysettings REST endpoint. To set variables using a REST endpoint, you must have the edit_server capability.

Create the [proxyConfig] stanza: 

curl -k /services/server/httpsettings/proxysettings --data name="proxyConfig"

Write to the stanza: 

curl -k /services/server/httpsettings/proxysettings/proxyConfig --data "http_proxy=....&https_proxy=...&no_proxy=...."

Read from stanza: 

curl -k /services/server/httpsettings/proxysettings/proxyConfig

Delete the stanza: 

curl -k -X DELETE /services/server/httpsettings/proxysettings/proxyConfig

For more details and example requests and responses, see server/httpsettings/proxysettings and server/httpsettings/proxysettings/proxyConfig in the REST API Reference.

Configure clusters to work with a proxy

To use the proxy server for communication in an indexer cluster or search head cluster, update the following additional settings in server.conf. 

[clustering]
register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a slave will be available for accepting replication data. This is useful in the cases where a slave host machine has multiple interfaces and only one of them can be reached by another splunkd instance>
Only valid for mode=slave



[shclustering]
register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a member will be available for accepting replication data. This is useful in the cases where a member host machine has multiple interfaces and only one of them can be reached by another splunkd instance.>
PREVIOUS
Install and configure your HTTP Proxy Server for splunkd 		  NEXT
Best practices when configuring an HTTP Proxy Server for splunkd

This documentation applies to the following versions of Splunk® Enterprise: 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 8.0.0, 8.0.1

Comments

Could you please clarify proxy configuration for a search head cluster? Current documentation seems to imply that `register_replication_address` somehow enables proxy use for cluster communications and if it is not specified cluster comms are not proxied.

I had http_proxy configured on my servers and `splunk bootstrap shcluster-captain` was failing with `socket_error=Resource temporarily unavailable`. It started working when I added local domain to `no_proxy`. This seems to indicate that setting `http_proxy` is enough to enable proxying for cluster communications.

Tadas medisauskas
October 11, 2017

Hi Tpeveler and Ccrayto,

Thanks for pointing this out. I've added a note about the proxy limitations to this topic as well as a few related topics. I will continue to update information as we find it.

Jworthington splunk, Splunker
August 25, 2017

Please update this documentation page so that it specifically points out that this configuration for enabling Splunk to Splunk communication through a Proxy. The settings documented here do not work for accessing Splunkbase via the UI nor do they work when you have a Splunk external lookup or Splunk custom alert action that is makes a REST Api Call to an external service outside of a firewall.

Tpeveler splunk, Splunker
August 18, 2017

I have been unable to get this working for checking apps in the UI. I set up the proxy variables in server.conf, but still get errors when the Splunk UI needs to go through authenticated proxy. As most companies who care about security use authenticated proxies, it should not require Google searches and calls to support to figure out how to configure them.

Ccrayto
May 25, 2017

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters