Hi,
We have a Search head on the other side of a WAN which needs to search against an Index cluster in a sensitive network segment. A security requirement is that we must use an intermediate device as a broker of some form between these network areas.
The protocol is apparently not HTTP, so an HTTP proxy is no use, what else might be available to allow these systems to connect in line with our security policy?
Bluecoat proxysg can create tcp tunnel (it will not go above layer 4) between the 2 networks
Use the SDK to access Splunk. I use the python SDK to feed our corp portal and have similar security restraints. Once I started using the SDK all kind of new uses opened up.
The JS SDK has some great examples, a mini search page is one you may find useful.
Well I need something we could call a proxy. Could I use this to write a proxy somehow, instead of a client? We definitely need to use a search head to query an index.
If you run this on ngingx for example you could have the Splunk end point be local host and use proxy pass to access Splunk. Have not done this myself.
http://nginx.org/en/docs/http/ngx_http_proxy_module.html
I you need a full SH you may be able to use squid in a distrubitred search config.
http://docs.splunk.com/Documentation/Splunk/6.2.1/DistSearch/Whatisdistributedsearch
I use autossh to set up a socks proxy via a bastion host, this allows me to access my Splunk instance anywhere.
Hope this helps.