Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why can't I install App via proxy?

opoplawski
Explorer
‎11-16-2022 12:39 PM

I'm trying to setup splunk on our network.  We must use a proxy to access the internet.  I've set (I've tried with and without sslVersions):

[sslConfig] 
sslRootCAPath = /etc/pki/tls/cert.pem 
sslVersions = tls1.2

[applicationsManagement] 
sslVersions = tls1.2

[proxyConfig] 
http_proxy = http://PROXY:8080 
https_proxy = http://PROXY:3128 
no_proxy = 127.0.0.0/8,::1,localhost,10.0.0.0/8,192.168.0.0/16,.nwra.com

splunkd reports:

11-16-2022 11:36:34.092 -0800 ERROR HttpClientRequest [50124 TcpChannelThread] - HTTP client error
=error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol while accessing server=http:/
/PROXY:3128 for request=https://cdn.splunkbase.splunk.com/media/private/signed_42
40_20873_1668244830.tgz?response-content-disposition=attachment%3Bfilename%3D%22infosec-app-for-sp
lunk_170.tgz%22&Expires=1668628893&Signature=Ks6QSvwm3FOjimXq42aW-xSdBeysPA1gYrQlQu0Urpf-R7XfnVyQn
F8ChIlT4blEJ38jq-1Iy9vYopkI5MvZoccqJLsbv~fe8peAxgIDHABo0kGLacXoXgiYEE5MGxMmBlBcvA54dwr4xqdmo69zxl6
FhfGxHBfi6KUAZ6zgrv0RlZNz7uQR95cmTpjPbtwlDDbw8IeUE4~NEDnNhRwAqD3mKiSHhfGYEgDF5kQMEHgkm2csRMyJ7i4qR
MscF~dUeqjvrN0P1W~NfL8vykYTHWMXqoeY1OVFliRXzfhqjwcCw8GtQgCcTWT7WOrHLfhZNJR-nJ9kf786SLqgNVQUXA__&Ke
y-Pair-Id=K3GLBBC7R7U34X.

  I can download that URL fine from the machine directly:

https_proxy=http://PROXY:3128 curl 'https://cdn.splunkb
ase.splunk.com/media/private/signed_4240_20873_1668244830.tgz?response-content-disposition=attachm
ent%3Bfilename%3D%22infosec-app-for-splunk_170.tgz%22&Expires=1668627891&Signature=aA-kU~xxaEcPSU~
A3fY4tPEY2mzdfDNN-T4I~RF3bEFfqJB8u2-K7ia8IEMP~uqxqWQhGCKr2oBRC3qQqdsa2-vwz8yzvNgIPcwI5VFEjjFBs1yZu
-0k91sOjFgbiCx3z2FetbSm2K05FOCCN2GCxrJacpjSCz9kPJdFrnsZRDgrdX9vHsC62Fn60OWt0IgRS3qoXKdHHWXct5-RFUc
iKoOFWX8Hdp4ZGXe~xx3UGhqkonqV-ZE~Nt34beC~J5SGdvTS8mZcr7bZKL9M4fefGRtHiVzdK8ffuqCe5Fsthoyyl8OHr4MJy
TptHLcwZKJhthqee80hyrlPYyGVgiEeyQ__&Key-Pair-Id=K3GLBBC7R7U34X' -o /tmp/out
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current 
                                Dload  Upload   Total   Spent    Left  Speed 
100   114  100   114    0     0    139      0 --:--:-- --:--:-- --:--:--   139

 Both the splunk server and the proxy are running EL 8.7.

Labels (3)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎11-16-2022 11:27 PM

Hi @opoplawski,

did you tried to install apps from a downloaded in your computer file?

I usually use this method because the Splunk systems I found aren't all connected to internet.

Ciao.

Giuseppe

0 Karma
Reply

opoplawski
Explorer
‎11-17-2022 08:45 AM

Thanks, that definitely works as an alternative.  But it would still be nice to be able to install directly via the console.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...