Deployment Architecture

Send UF -> Deployment server traffic through a Proxy?

ajiwanand
Path Finder

We have a set of UF in a private network that is totally isolated from the Deployment server. For forwarder to indexer traffic we will use intermediate forwarders however we would also like to utilize the deployment server. Is it possible to configure a UF to point to a deployment server through a proxy?

0 Karma
1 Solution

soutamo
SplunkTrust
SplunkTrust
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo

View solution in original post

0 Karma

soutamo
SplunkTrust
SplunkTrust
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo

View solution in original post

0 Karma

ajiwanand
Path Finder

Hey soutamo,

Yes we'll be using  HTTPS as the DS protocol. My main requirement is to send only DS traffic to the proxy and indexer traffic through normal means. I wasn't entirely sure if using the splunkd as the protocol would allow for sending ONLY HF to DS traffic via proxy? I'll give it a shot

0 Karma

soutamo
SplunkTrust
SplunkTrust
Indexing traffic is not https it Splunk’s internal defined S2S. So I suppose that it don't use proxy unless you are defining those socks* on outputs.conf file.
I propose that you just test and report back if it works or not.
r. Ismo
0 Karma

ajiwanand
Path Finder

Hey@soutamo 

I tested this and confirmed that once you configure Splunkd to use a proxy, it will use the proxy to contact the DS and it does not affect the forwarder to indexer traffic as it uses S2S.

 

Thanks!

0 Karma

ajiwanand
Path Finder

Fair point! I'll test it out and reply back later.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!