Configure splunkd to use your HTTP Proxy Server
You can set up an HTTP proxy server for splunkd so that all HTTP/S traffic originating from splunkd flows through the proxy server.
To set up a proxy server for splunkd, you can either configure Splunk's proxy variables in server.conf
or configure the REST endpoints.
This process configures Splunk to Splunk communication through a Proxy. The settings documented here do not support interactions outside of Splunk, for example:
- Access to Splunkbase via Splunk Web
- Splunk external lookups
- Actions that make a REST API call to an external service outside of a firewall
Edit server.conf
to configure splunkd to work with your server proxy
For a single Splunk Enterprise instance, you can add the proxy configs under %SPLUNK_HOME/etc/system/local
, or deploy a custom app that includes a server.conf file with your proxy settings. To configure multiple instances (pool of indexers, search head cluster, etc.) use a deployment management tool such as the deployer, deployment server, or cluster master to deploy an app that includes a server.conf file with your proxy settings.
[proxyConfig] http_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTP requests through this proxy server. The default value is unset.> https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.> no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">
Use REST endpoints to configure splunkd to work with your server proxy
You can also configure splunkd to work with your HTTP proxy server by modifying the /services/server/httpsettings/proxysettings
REST endpoint. To set variables using a REST endpoint, you must have the edit_server
capability.
Create the [proxyConfig]
stanza:
curl -k /services/server/httpsettings/proxysettings --data name="proxyConfig"
Write to the stanza:
curl -k /services/server/httpsettings/proxysettings/proxyConfig --data "http_proxy=....&https_proxy=...&no_proxy=...."
Read from stanza:
curl -k /services/server/httpsettings/proxysettings/proxyConfig
Delete the stanza:
curl -k -X DELETE /services/server/httpsettings/proxysettings/proxyConfig
For more details and example requests and responses, see server/httpsettings/proxysettings and server/httpsettings/proxysettings/proxyConfig in the REST API Reference.
Configure clusters to work with a proxy
To use the proxy server for communication in an indexer cluster or search head cluster, update the following additional settings in server.conf
.
[clustering] register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a slave will be available for accepting replication data. This is useful in the cases where a slave host machine has multiple interfaces and only one of them can be reached by another splunkd instance> Only valid for mode=slave
[shclustering] register_replication_address = <IP address, or fully qualified machine/domain name. This is the address on which a member will be available for accepting replication data. This is useful in the cases where a member host machine has multiple interfaces and only one of them can be reached by another splunkd instance.>
Install and configure your HTTP Proxy Server for splunkd | Best practices when configuring an HTTP Proxy Server for splunkd |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10
Feedback submitted, thanks!