- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- How to completely disable ProxyConfig?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a Splunk Enterprise instance (v7.3.4) and I am wondering if there is a way to completely disable ProxyConfig in server.conf? Every time the software restarts there's 4 informational logs in splunkd.log related to the 4 proxy settings (http_proxy, https_proxy, proxy_rules, and no_proxy), but I don't really care since I won't be enabling any outside communication. Is this required behavior or did I do something to trigger these startup messages?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @ricotries,
AFAIK this function is compiled in the splunk binary, so you cannot disable it.
What you can do is to change the logging level for ProxyConfig to WARN. Create a file /opt/splunk/etc/log-local.cfg with following content:
[splunkd]
category.ProxyConfig=WARN
and restart splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @ricotries,
AFAIK this function is compiled in the splunk binary, so you cannot disable it.
What you can do is to change the logging level for ProxyConfig to WARN. Create a file /opt/splunk/etc/log-local.cfg with following content:
[splunkd]
category.ProxyConfig=WARN
and restart splunk
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello. Has anyone pushed out this configuration to Universal Forwarders using a Deployment Manager? Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What was your findings on pushing this out to a universal forwarder? I am looking at the same thing since we see this error from 3k+ forwarders. 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It didn't work for the UFs (but did for Splunk servers from memory).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is this the equivalent of filtering by severity level in syslog?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @ricotries
yes, sort of
https://docs.splunk.com/Documentation/Splunk/8.0.3/AdvancedDev/ModInputsLog
I've tested this solution and it works
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
