Configure splunkd to use your HTTP Proxy Server

You can set up an HTTP proxy server for splunkd so that all HTTP/S traffic originating from splunkd flows through the proxy server.

To set up a proxy server for splunkd, you can either configure Splunk's proxy variables in server.conf or configure the REST endpoints.

This process configures Splunk to Splunk communication through a Proxy. The settings documented here do not support interactions outside of Splunk, for example:

• Access to Splunkbase via Splunk Web
• Splunk external lookups
• Actions that make a REST API call to an external service outside of a firewall

Edit server.conf to configure splunkd to work with your server proxy

For a single Splunk Enterprise instance, you can add the proxy configs under %SPLUNK_HOME/etc/system/local, or deploy a custom app that includes a server.conf file with your proxy settings. To configure multiple instances (pool of indexers, search head cluster, etc.) use a deployment management tool such as the deployer, deployment server, or cluster master to deploy an app that includes a server.conf file with your proxy settings.

[proxyConfig]
http_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTP requests through this proxy server. The default value is unset.> 
https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.>  
no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">

Use REST endpoints to configure splunkd to work with your server proxy

You can also configure splunkd to work with your HTTP proxy server by modifying the /services/server/httpsettings/proxysettings REST endpoint. To set variables using a REST endpoint, you must have the edit_server capability.

Create the [proxyConfig] stanza:

curl -k /services/server/httpsettings/proxysettings --data name="proxyConfig"

Write to the stanza:

curl -k /services/server/httpsettings/proxysettings/proxyConfig --data "http_proxy=....&https_proxy=...&no_proxy=...."

Read from stanza:

curl -k /services/server/httpsettings/proxysettings/proxyConfig

Delete the stanza:

curl -k -X DELETE /services/server/httpsettings/proxysettings/proxyConfig

For more details and example requests and responses, see server/httpsettings/proxysettings and server/httpsettings/proxysettings/proxyConfig in the REST API Reference.

Configure clusters to work with a proxy

To use the proxy server for communication in an indexer cluster or search head cluster, update the following additional settings in server.conf.

[clustering]
register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a slave will be available for accepting replication data. This is useful in the cases where a slave host machine has multiple interfaces and only one of them can be reached by another splunkd instance>
Only valid for mode=slave

[shclustering]
register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a member will be available for accepting replication data. This is useful in the cases where a member host machine has multiple interfaces and only one of them can be reached by another splunkd instance.>