During an event at our site in the last 48 hours it became painfully apparent that Splunk contacts different sites on the Internet, in particular Google Analytics. If we have a networking issue like recently this renders Splunk almost completely useless. We want it disabled. Any ideas?
Disable the application that is calling the external source.
By default, Splunk does not call to the outside world.
If of course you cant disable these app's, use IPTABLES to drop all connections to any not RFC1918 address range.