All Apps and Add-ons

AWS & Pagerduty

cdstealer
Contributor

Hi, I think this maybe a bug of some sorts. I have recently installed both the Splunk addon/app AWS & Pagerduty apps.

AWS for splunk has a builtin proxy function 🙂
Pagerduty does not and relies on the proxy being defined in splunk-launcher.conf
We have to go through a proxy to get outside.
The problem is, when a proxy is defined in splunk-launcher.conf, it breaks the AWS app. In AWS any accounts that may have been configured are lost and AWS fails to function. Removing the proxy from splunk-launcher.conf, the AWS accounts re-appear.
The AWS app will not use the proxy defined in splunk-launcher.conf.
So we are stuck.

Any ideas?

philkershaw_wh
Engager

I've been experiencing this issue also but upon searching through the code for all apps involved I've discovered the following:

  • PagerDuty doesn't account for any possibility that any proxy settings have been set - OS level nor in splunk-launch.conf;
  • In fairness to PagerDuty, Splunks own webhooks app doesn't account for proxies neither;

Both of these points explain why there's dedicated proxy settings for the AWS Add-On. On the other hand, however, the AWS Add-On does check for splunk-launch/environment proxy settings. When adding an AWS account via the Add-On with proxy settings in place you're likely to see an error unless the proxy is set up to handle loop-back (i.e. 127.0.0.1) - which it probably won't be because, why would it!? To overcome this error, add no_proxy=127.0.0.1 to splunk-launch.conf.

The only remaining problem then is for the webhook approach to be updated to account for proxy settings. It would be nice if Splunk had an API to make this easier and avoid the need to pull in the proxy settings and establish the connection manually.

0 Karma

pchen_splunk
Splunk Employee
Splunk Employee

Hi, which version of AWS app did you install? The proxy support is one of the new features in version 4.1, which was delivered 2 months ago.

0 Karma

cdstealer
Contributor

Hi, Thanks for the replay. These are the versions in use:

Splunk Add-on for AWS - 3.0.0
Splunk App for AWS - 4.1.1
Splunk Enterprise - 6.3.0
PagerDuty Incidents - 1.0

Thanks

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...