Deployment Architecture

Is there a way to only use DNS to connect to a search head?


I have two ways to connect to a search head, and 1 is secured with SSL, while the other is not.

1: https://ip:port

Is there a way I can disable option 1, and force everyone to use the DNS name?


I'm not sure there's a way to remove the ability to access it via IP address, but you could use variants of the following search to find those who are doing it.

index=_internal sourcetype=splunk_web_access | stats count by referer_domain, user

Then perhaps a kindly worded email could take care of the problem?

0 Karma

Ultra Champion

Interesting. The best practice is to use a load balancer with search head clustering

Meaning, the users should access the load balancer which is in front of the search heads as a cluster or not...

0 Karma


agreed, however no load balancer is available.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!