All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Microsoft Cloud Services with proxy?

szabados
Communicator
‎06-09-2017 03:47 AM

I'm trying to use the above add-on to get Azure Audit logs, and I want to use a proxy. Everything is configured according to the docs, but any time the script tries to download the data, I'm getting 10061.
I double checked with wireshark, the script is not even trying to connect to my proxy, instead it tries connecting directly to the Microsoft servers. I'm running on a Windows server.

How can I get this working ?

Reply

fatemabw
New Member
‎11-02-2018 12:30 PM

Figured it out.
Got it to working.
There is a config file inside the apps folder under the add-on, where the proxy settings has to be explicitly mentioned.

Under: /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/local/splunk_ta_ms_o365_client_settings.conf
[proxy]
proxy_enabled = 1
proxy_rdns = 1
proxy_type = http

proxy_password = password of proxy account

proxy_port = 8000
proxy_url = proxy1.your.server.com
disabled = 0

proxy_username = user name of proxy account

0 Karma
Reply

oljaszubs
Engager
‎08-21-2018 06:18 AM

I have the same issue - I can't see any traffic to be forwarded to provided proxy. Does anybody manage it to run ?

0 Karma
Reply

fatemabw
New Member
‎10-31-2018 12:31 PM

I am also struggling with the same. I have followed the doc to install, and since the forwarder is sitting behind a proxy, which majority of deployments do, can't connect to the proxy, instead Splunk forwarder is trying to directly connect to the MS cloud IP.
I have tried setting the proxy config in splunk-launch.conf, server.conf but nothing seem to work.

Has anyone figured out the solution?

Appreciate the help and comments!

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...
Top