Hi All,
Can someone help me understand which .conf file is responsible to control the connectivity to/from Internet.
Wanted to make sure that the so called pure ON Prem Splunk Enterprise solution is unreachable from Internet and most importantly not sending data outside e.g. 1.5 DTI?
Thanks in advance.
You're looking in the wrong place. You can _tell_ Splunk to use a proxy server if it wants to connect to the internet (but to make things more complicated, the main setting might not work for some modular inputs so you'd have to specify proxy settings in specific app's settings as well). But you can't tell Splunk to _not_ connect anywhere.
Remember that Splunk does work by connecting various components over the network so it must be using the network. And if you write an input/output/external lookup/custom command which will connect to external services it will try to do so.
You should handle this on the OS/network level by managing host firewall rules on Splunk servers and firewall filters on your network devices.
The things that can be managed in Splunk's own config are:
- telemetry settings
- update checks/app installs
- Splunk Secure Gateway
Hi @DanAlexander,
Splunk doesn't manage Internet connectivity, the only configuration that you could do( but I'm not sure that's your issue) is the proxy server, that you can configure in server.conf, following instructions at https://docs.splunk.com/Documentation/Splunk/9.1.2/Admin/ConfigureSplunkforproxy
Ciao.
Giuseppe
Hi
basically it's like @gcusello said. You should manage your internet access by firewalls etc. not with splunk.
Anyhow there are some conf files where you could manage e.g. sending statistics, telemetry, check app/splunk versions etc. But also those should restricted/denied by your FW not by Splunk itself.
r. Ismo