Splunk® Enterprise

Admin Manual

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Configure splunkd to use your HTTP Proxy Server

You can set up an HTTP proxy server for splunkd so that all HTTP/S traffic originating from splunkd flows through the proxy server.

To set up a proxy server for splunkd, you can either configure Splunk's proxy variables in server.conf or configure the REST endpoints.

This process configures Splunk to Splunk communication through a Proxy. The settings documented here do not support interactions outside of Splunk, for example:

  • Access to Splunkbase via Splunk Web
  • Splunk external lookups
  • Actions that make a REST API call to an external service outside of a firewall

Edit server.conf to configure splunkd to work with your server proxy

For a single Splunk Enterprise instance, you can add the proxy configs under %SPLUNK_HOME/etc/system/local, or deploy a custom app that includes a server.conf file with your proxy settings. To configure multiple instances (pool of indexers, search head cluster, etc.) use a deployment management tool such as the deployer, deployment server, or cluster master to deploy an app that includes a server.conf file with your proxy settings.

[proxyConfig]
http_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTP requests through this proxy server. The default value is unset.> 
https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.>  
no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">

Use REST endpoints to configure splunkd to work with your server proxy

You can also configure splunkd to work with your HTTP proxy server by modifying the /services/server/httpsettings/proxysettings REST endpoint. To set variables using a REST endpoint, you must have the edit_server capability.

Create the [proxyConfig] stanza:

curl -k /services/server/httpsettings/proxysettings --data name="proxyConfig"

Write to the stanza:

curl -k /services/server/httpsettings/proxysettings/proxyConfig --data "http_proxy=....&https_proxy=...&no_proxy=...."

Read from stanza:

curl -k /services/server/httpsettings/proxysettings/proxyConfig

Delete the stanza:

curl -k -X DELETE /services/server/httpsettings/proxysettings/proxyConfig

For more details and example requests and responses, see server/httpsettings/proxysettings and server/httpsettings/proxysettings/proxyConfig in the REST API Reference.

Configure clusters to work with a proxy

To use the proxy server for communication in an indexer cluster or search head cluster, update the following additional settings in server.conf.

[clustering]
register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a slave will be available for accepting replication data. This is useful in the cases where a slave host machine has multiple interfaces and only one of them can be reached by another splunkd instance>
Only valid for mode=slave


[shclustering]
register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a member will be available for accepting replication data. This is useful in the cases where a member host machine has multiple interfaces and only one of them can be reached by another splunkd instance.>
Last modified on 14 October, 2020
Install and configure your HTTP Proxy Server for splunkd   Best practices when configuring an HTTP Proxy Server for splunkd

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters