All Apps and Add-ons

admin's beware: 6.5.1 causes clients to directly reach to splunk

w531t4
Path Finder

FYI, discovered that in 6.5.1 Splunk is now placing the burden of checking whether it is up to date on the client rather than the server. So, since most client machines have access to the internet, lots of interesting information gets passed back to Splunk.. including:

Any associated Splunk Answers user/cookie information
All Splunk role's on the server
GUID's of Splunk Licenses on the server

We are observing the request go to https://quickdraw.splunk.com, and we have 'updateCheckerBaseURL = 0' in web.conf. The request to quickdraw.splunk.com only occurs after a successful login.

If anyone knows how to turn off this behavior, it would be greatly appreciated.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

The information that Splunk collects if you opt in to share performance data is documented in Share performance data in the Admin Manual. This topic also explains what data is not collected, which node in your deployment runs the searches to collect the data, and how to opt in or out.

0 Karma

w531t4
Path Finder

As stated in my original post, this still occurs while both

  • Anonymized Usage Data
  • License Usage Data

are set to disabled.

Additionally, the page says nothing about the inclusion of reporting the names of configured roles to splunk.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Indeed. We are doing some research here to get the details.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!