Deployment Architecture

Send UF -> Deployment server traffic through a Proxy?

ajiwanand
Path Finder

We have a set of UF in a private network that is totally isolated from the Deployment server. For forwarder to indexer traffic we will use intermediate forwarders however we would also like to utilize the deployment server. Is it possible to configure a UF to point to a deployment server through a proxy?

0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo

View solution in original post

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo
0 Karma

ajiwanand
Path Finder

Hey soutamo,

Yes we'll be using  HTTPS as the DS protocol. My main requirement is to send only DS traffic to the proxy and indexer traffic through normal means. I wasn't entirely sure if using the splunkd as the protocol would allow for sending ONLY HF to DS traffic via proxy? I'll give it a shot

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Indexing traffic is not https it Splunk’s internal defined S2S. So I suppose that it don't use proxy unless you are defining those socks* on outputs.conf file.
I propose that you just test and report back if it works or not.
r. Ismo
0 Karma

ajiwanand
Path Finder

Hey@isoutamo 

I tested this and confirmed that once you configure Splunkd to use a proxy, it will use the proxy to contact the DS and it does not affect the forwarder to indexer traffic as it uses S2S.

 

Thanks!

0 Karma

ajiwanand
Path Finder

Fair point! I'll test it out and reply back later.

0 Karma
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...