Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Send UF -> Deployment server traffic through a Proxy?

ajiwanand
Path Finder
‎09-30-2020 10:39 AM

We have a set of UF in a private network that is totally isolated from the Deployment server. For forwarder to indexer traffic we will use intermediate forwarders however we would also like to utilize the deployment server. Is it possible to configure a UF to point to a deployment server through a proxy?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎10-01-2020 05:03 AM
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

isoutamo
SplunkTrust
SplunkTrust
‎10-01-2020 05:03 AM
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo
0 Karma
Reply
Solved! Jump to solution

ajiwanand
Path Finder
‎10-01-2020 07:38 AM

Hey soutamo,

Yes we'll be using  HTTPS as the DS protocol. My main requirement is to send only DS traffic to the proxy and indexer traffic through normal means. I wasn't entirely sure if using the splunkd as the protocol would allow for sending ONLY HF to DS traffic via proxy? I'll give it a shot

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎10-01-2020 07:41 AM
Indexing traffic is not https it Splunk’s internal defined S2S. So I suppose that it don't use proxy unless you are defining those socks* on outputs.conf file.
I propose that you just test and report back if it works or not.
r. Ismo
0 Karma
Reply
Solved! Jump to solution

ajiwanand
Path Finder
‎10-01-2020 04:50 PM

Hey@isoutamo 

I tested this and confirmed that once you configure Splunkd to use a proxy, it will use the proxy to contact the DS and it does not affect the forwarder to indexer traffic as it uses S2S.

 

Thanks!

0 Karma
Reply
Solved! Jump to solution

ajiwanand
Path Finder
‎10-01-2020 07:42 AM

Fair point! I'll test it out and reply back later.

0 Karma
Reply
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...