All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way to get this addon to connect to https://reports.office365.com through a http proxy?

xvieni
Engager
‎01-30-2018 12:32 AM

I am setting this addon up on a heavy forwarder (6.5), running on a debian linux. I am required to access the "internet" through a http proxy, without authentication and without inspection.
I cant find anywhere to configure the settings for the proxy server.

And since this is a O365 URL, the number of IP addresses returned when querying it is far to many to be manageable in a "through firewall" opening directly without a proxy server.

Did anyone get this to work through a http proxy, where the Splunk installation is not on a windows box?
(I noticed in the script "socks.py" that it imports the global proxy settings if the OS in "NT something")

0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎04-03-2018 08:25 AM

Proxy support will be available in the next release. In the meantime, you can edit input_module_ms_o365_message_trace.py. Around line 57, you will see the following:

helper.log_debug("Endpoint URL: %s" % microsoft_trace_url)
r = requests.get(microsoft_trace_url, auth=requests.auth.HTTPBasicAuth(global_microsoft_office_365_username, global_microsoft_office_365_password))

The add-on uses the Python requests library which supports proxy servers. Make the following modifications:

helper.log_debug("Endpoint URL: %s" % microsoft_trace_url)
proxies = {
    'http': 'http://proxy_server_address:proxy_server_port',
    'https': 'http://proxy_server_address:proxy_server_port',
}
r = requests.get(microsoft_trace_url, proxies=proxies, auth=requests.auth.HTTPBasicAuth(global_microsoft_office_365_username, global_microsoft_office_365_password ))
0 Karma
Reply

faisal_saifi
New Member
‎04-03-2018 12:12 PM

Hi Jconger,
i have added following
proxies = {
'http': 'http://1.2.3.4:8080',
'https': 'http://1.2.3.4:8080',
}
But getting following error after restarting the splunk service.
"unable to initialise modular input'ms_o365_message_trace' defined inside the app 'TA-MS_o365_reporting' :introspecting scheme=ms_o365_message_trace : script running failed (exited with code 1)"

0 Karma
Reply

jconger
Splunk Employee
Splunk Employee
‎04-03-2018 03:41 PM

Check out the _internal index to get some more detail. The following search should help:

index=_internal source=*trace* error
0 Karma
Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top