Deployment Architecture

Send UF -> Deployment server traffic through a Proxy?

ajiwanand
Path Finder

We have a set of UF in a private network that is totally isolated from the Deployment server. For forwarder to indexer traffic we will use intermediate forwarders however we would also like to utilize the deployment server. Is it possible to configure a UF to point to a deployment server through a proxy?

0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo

View solution in original post

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Hi
I haven't try it, but based on configuration files this should be work.
https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf#Splunkd_http_proxy_configuration

And you probably already are using https as DS connection protocol? If yes then it should works. You can also use proxy for sending events to indexers if also those are behind proxy/socks. https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Outputsconf#TCPOUT_SETTINGS and check socks* parameters.
r. Ismo
0 Karma

ajiwanand
Path Finder

Hey soutamo,

Yes we'll be using  HTTPS as the DS protocol. My main requirement is to send only DS traffic to the proxy and indexer traffic through normal means. I wasn't entirely sure if using the splunkd as the protocol would allow for sending ONLY HF to DS traffic via proxy? I'll give it a shot

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Indexing traffic is not https it Splunk’s internal defined S2S. So I suppose that it don't use proxy unless you are defining those socks* on outputs.conf file.
I propose that you just test and report back if it works or not.
r. Ismo
0 Karma

ajiwanand
Path Finder

Hey@isoutamo 

I tested this and confirmed that once you configure Splunkd to use a proxy, it will use the proxy to contact the DS and it does not affect the forwarder to indexer traffic as it uses S2S.

 

Thanks!

0 Karma

ajiwanand
Path Finder

Fair point! I'll test it out and reply back later.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...