All Apps and Add-ons

AWS & Pagerduty

cdstealer
Contributor

Hi, I think this maybe a bug of some sorts. I have recently installed both the Splunk addon/app AWS & Pagerduty apps.

AWS for splunk has a builtin proxy function 🙂
Pagerduty does not and relies on the proxy being defined in splunk-launcher.conf
We have to go through a proxy to get outside.
The problem is, when a proxy is defined in splunk-launcher.conf, it breaks the AWS app. In AWS any accounts that may have been configured are lost and AWS fails to function. Removing the proxy from splunk-launcher.conf, the AWS accounts re-appear.
The AWS app will not use the proxy defined in splunk-launcher.conf.
So we are stuck.

Any ideas?

philkershaw_wh
Engager

I've been experiencing this issue also but upon searching through the code for all apps involved I've discovered the following:

  • PagerDuty doesn't account for any possibility that any proxy settings have been set - OS level nor in splunk-launch.conf;
  • In fairness to PagerDuty, Splunks own webhooks app doesn't account for proxies neither;

Both of these points explain why there's dedicated proxy settings for the AWS Add-On. On the other hand, however, the AWS Add-On does check for splunk-launch/environment proxy settings. When adding an AWS account via the Add-On with proxy settings in place you're likely to see an error unless the proxy is set up to handle loop-back (i.e. 127.0.0.1) - which it probably won't be because, why would it!? To overcome this error, add no_proxy=127.0.0.1 to splunk-launch.conf.

The only remaining problem then is for the webhook approach to be updated to account for proxy settings. It would be nice if Splunk had an API to make this easier and avoid the need to pull in the proxy settings and establish the connection manually.

0 Karma

pchen_splunk
Splunk Employee
Splunk Employee

Hi, which version of AWS app did you install? The proxy support is one of the new features in version 4.1, which was delivered 2 months ago.

0 Karma

cdstealer
Contributor

Hi, Thanks for the replay. These are the versions in use:

Splunk Add-on for AWS - 3.0.0
Splunk App for AWS - 4.1.1
Splunk Enterprise - 6.3.0
PagerDuty Incidents - 1.0

Thanks

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...