
Proxy creation and configuration in Splunk

splunklearner
Communicator

We are trying to on-board Akamai logs to Splunk. Installed the add-on. Here it is asking for proxy server and proxy host. I am not sure what these mean. Our Splunk instances are hosted on AWS and instances are refreshed every 45 days due to compliance and these are not exposed to internet (internal). How to create and configure proxy server here? Please guide me.

This is the app installed - https://splunkbase.splunk.com/app/4310

0 Karma

livehybrid
Champion

Hi @splunklearner 

Do you have direct connectivity to your Akamai feed from the EC2 instance? If so you shouldn't need to configure a proxy. Please can you post a screenshot or link to where you are looking?

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will

0 Karma

kiran_panchavat
Influencer

@splunklearner 

If you don’t want to manage a proxy server, you could use a NAT Gateway in a public subnet to provide internet access to your private subnet. However, this won’t work directly with the Akamai add-on’s proxy settings, as it expects an HTTP/HTTPS proxy, not a network-layer NAT. Stick with a proxy server like Squid for compatibility.
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma

kiran_panchavat
Influencer

@splunklearner 

Since your Splunk instances can’t access the internet directly, you need a proxy server within your AWS environment (or on-premises, if applicable) that can:
 
  • Handle HTTPS traffic (port 443, as Akamai uses secure endpoints).
  • Be accessible from your Splunk instances in the private subnet.
  • Route traffic to Akamai’s servers (e.g., DataStream endpoints or API hosts).
You likely don’t have a proxy server set up yet, so you’ll need to create one.
 
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!

splunklearner
Communicator

@kiran_panchavat how and where to create proxy server for this requirement? Please let me know.

0 Karma

kiran_panchavat
Influencer

@splunklearner 

To set up a proxy, please contact the Network team, discuss your requirements with them, and proceed accordingly.

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma

kiran_panchavat
Influencer

@splunklearner 

Step 1: Assess Your AWS Network Architecture
Since your instances are internal, you likely have a Virtual Private Cloud (VPC) with private subnets. To enable outbound internet access:
 
  • Check if you already have a NAT Gateway or NAT Instance in a public subnet within your VPC. These are common AWS solutions for allowing private instances to access the internet.
  • If not, you’ll need to set up a proxy server or coordinate with your network team to provide one.
 
Set Up a Proxy Server in AWS
 
Please check this 
 
 
I suggest reaching out to your Network team to set up a proxy.
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma

kiran_panchavat
Influencer

@splunklearner 


You can create your own proxy server using an EC2 instance. Here are the steps:

Launch an EC2 Instance for the Proxy:
 
  • Go to the AWS EC2 console.
  • Launch a new instance (e.g., t2.micro for testing) in a public subnet of your VPC.
  • Use an Amazon Linux 2 AMI (or your preferred OS).
  • Assign a public IP address and ensure it’s in a security group that allows:
    • Inbound traffic on port 3128 (default Squid port) from your Splunk instances’ private subnet CIDR.
    • Outbound traffic to anywhere (0.0.0.0/0) on HTTPS (port 443) to reach Akamai’s API.
  1. Install and Configure Squid:
    • SSH into the EC2 instance.
    • Install Squid:
       
      sudo yum update -y
      sudo yum install squid -y
    • Edit the Squid configuration file (/etc/squid/squid.conf)
       
      sudo vi /etc/squid/squid.conf
      • Add your Splunk instances’ subnet to allow access (replace 10.0.1.0/24 with your private subnet CIDR):
         
        acl splunk_subnet src 10.0.1.0/24
        http_access allow splunk_subnet
        http_access deny all
        http_port 3128
    • Save and exit, then start Squid:
       
      sudo systemctl start squid
      sudo systemctl enable squid
  2. Update Route Tables:
    • Ensure your Splunk instances’ private subnet route table routes traffic destined for the proxy (e.g., the proxy’s private IP) to the proxy instance. You may not need this if the proxy is in the same VPC and reachable via its private IP.
  3. Record Proxy Details:
    • Proxy Host: The private IP of the EC2 instance (e.g., 10.0.2.50).
    • Proxy Port: 3128 (or whatever you set in squid.conf).
Alternatively, if your organization prefers a managed solution, you could use an AWS NAT Gateway instead of a custom proxy:
 
  • Deploy a NAT Gateway in a public subnet.
  • Update the private subnet route table to route 0.0.0.0/0 to the NAT Gateway.
  • Note: NAT Gateways don’t require a specific “proxy host” configuration in the add-on; they transparently handle outbound traffic. However, the Akamai add-on may still expect a proxy, so a custom proxy might be more compatible.
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
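
Added example (not part of the post above, and not code from Splunk, Akamai or Squid): a small audit of the `http_access` rules in a squid.conf, since Squid applies the first rule that matches, so where the post's lines land in the file decides whether they take effect. The function names and sample configs are constructed for illustration; `SSL_ports` and `CONNECT` follow the ACL names used in the stock squid.conf.

```python
# Constructed samples. PAGE is the four lines from the post above.
PAGE = """\
acl splunk_subnet src 10.0.1.0/24
http_access allow splunk_subnet
http_access deny all
http_port 3128
"""
# Guard lines named as in the stock squid.conf; they limit CONNECT tunnels to 443.
GUARD = "acl SSL_ports port 443\nacl CONNECT method CONNECT\nhttp_access deny CONNECT !SSL_ports\n"
GOOD = GUARD + PAGE
# PAGE appended below a config that already ends in 'deny all'.
APPENDED = "acl localnet src 10.0.0.0/8\nhttp_access allow localnet\nhttp_access deny all\n" + PAGE

def parse(conf):
    """Collect ACL types and the ordered http_access rules."""
    acl_type, rules = {}, []
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "acl":
            acl_type[parts[1]] = parts[2]
        elif len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acl_type, rules

def audit(conf):
    """Return findings; Squid applies the first http_access rule that matches."""
    acl_type, rules = parse(conf)
    findings = []
    deny_all = next((i for i, r in enumerate(rules) if r == ("deny", ["all"])), None)
    first_allow = next((i for i, r in enumerate(rules) if r[0] == "allow"), len(rules))
    if deny_all is None:
        findings.append("no 'http_access deny all' rule")
    for i, (action, acls) in enumerate(rules):
        if action != "allow":
            continue
        if deny_all is not None and i > deny_all:
            findings.append(f"unreachable: allow {' '.join(acls)} follows deny all")
        if not any(acl_type.get(a) == "src" for a in acls):
            findings.append(f"allow {' '.join(acls)} is not tied to a src ACL")
    guarded = any(act == "deny" and "CONNECT" in acls and any(
        a.startswith("!") and acl_type.get(a[1:]) == "port" for a in acls)
        for act, acls in rules[:first_allow])
    if not guarded:
        findings.append("CONNECT is not limited by a port ACL before the first allow")
    return findings

if __name__ == "__main__":
    for name, conf in (("page", PAGE), ("good", GOOD), ("appended", APPENDED)):
        print(name, audit(conf))
```

Run it against the real file with `audit(open("/etc/squid/squid.conf").read())`; an empty list means the subnet allow is reachable, a final deny exists, and CONNECT is restricted before any allow.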

kiran_panchavat
Influencer

@splunklearner 

Proxy Server: A proxy server acts as an intermediary between your Splunk instance and an external service (like Akamai’s log delivery endpoints). It forwards requests from your internal network to the internet and relays responses back. This is critical in your case since your Splunk instances lack direct internet access.

Proxy Host: This is the specific hostname or IP address of the proxy server that Splunk will use to route its outbound traffic.

Since your Splunk instances are internal and not internet-facing, you’ll need a proxy to enable communication with Akamai’s services (e.g., to pull logs via API or receive them via HTTP Event Collector if configured that way). Additionally, with instances refreshing every 45 days, you’ll need a solution that’s consistent across refreshes.
 
Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!