Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to completely disable ProxyConfig?

ricotries
Communicator
‎05-22-2020 02:22 PM

I have a Splunk Enterprise instance (v7.3.4) and I am wondering if there is a way to completely disable ProxyConfig in server.conf? Every time the software restarts there's 4 informational logs in splunkd.log related to the 4 proxy settings (http_proxy, https_proxy, proxy_rules, and no_proxy), but I don't really care since I won't be enabling any outside communication. Is this required behavior or did I do something to trigger these startup messages?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PavelP
Motivator
‎05-22-2020 03:01 PM

Hello @ricotries,

AFAIK this function is compiled in the splunk binary, so you cannot disable it.

What you can do is to change the logging level for ProxyConfig to WARN. Create a file /opt/splunk/etc/log-local.cfg with following content:

[splunkd]
category.ProxyConfig=WARN

and restart splunk

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

PavelP
Motivator
‎05-22-2020 03:01 PM

Hello @ricotries,

AFAIK this function is compiled in the splunk binary, so you cannot disable it.

What you can do is to change the logging level for ProxyConfig to WARN. Create a file /opt/splunk/etc/log-local.cfg with following content:

[splunkd]
category.ProxyConfig=WARN

and restart splunk

0 Karma
Reply
Solved! Jump to solution

Jamie
Path Finder
‎11-18-2021 09:12 AM

Hello.  Has anyone pushed out this configuration to Universal Forwarders using a Deployment Manager?  Thanks.

0 Karma
Reply
Solved! Jump to solution

sbrice18
Path Finder
‎08-24-2022 11:07 AM

What was your findings on pushing this out to a universal forwarder?  I am looking at the same thing since we see this error from 3k+ forwarders. 🙂

0 Karma
Reply
Solved! Jump to solution

Jamie
Path Finder
‎08-25-2022 06:21 AM

It didn't work for the UFs (but did for Splunk servers from memory).

Reply
Solved! Jump to solution

ricotries
Communicator
‎05-23-2020 08:38 AM

Is this the equivalent of filtering by severity level in syslog?

0 Karma
Reply
Solved! Jump to solution

PavelP
Motivator
‎05-23-2020 12:28 PM

Hello @ricotries

yes, sort of
https://docs.splunk.com/Documentation/Splunk/8.0.3/AdvancedDev/ModInputsLog

I've tested this solution and it works

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...