Monitoring Splunk

How to completely disable ProxyConfig?

ricotries
Communicator

I have a Splunk Enterprise instance (v7.3.4) and I am wondering if there is a way to completely disable ProxyConfig in server.conf? Every time the software restarts there are 4 informational logs in splunkd.log related to the 4 proxy settings (http_proxy, https_proxy, proxy_rules, and no_proxy), but I don't really care since I won't be enabling any outside communication. Is this required behavior or did I do something to trigger these startup messages?

0 Karma
1 Solution

PavelP
Motivator

Hello @ricotries,

AFAIK this function is compiled in the splunk binary, so you cannot disable it.

What you can do is to change the logging level for ProxyConfig to WARN. Create a file /opt/splunk/etc/log-local.cfg with the following content:

[splunkd]
category.ProxyConfig=WARN

and restart splunk

0 Karma
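
An added example, not part of the answer above or of Splunk's own tooling: a shell function that applies the override from the answer idempotently, so an existing log-local.cfg that already carries other category overrides is preserved. The function name `set_log_category` and the script's argument handling are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Sets category.<name>=<level> in the
# [splunkd] stanza of a log-local.cfg, creating the file or stanza if missing
# and replacing any earlier value. Other lines are left untouched.
# Assumption: set_log_category is a hypothetical helper name.

set_log_category() {
    cfg=$1 category=$2 level=$3
    key="category.$category"
    tmp="$cfg.tmp.$$"
    [ -f "$cfg" ] || : > "$cfg"        # start from an empty file if none exists

    awk -v key="$key" -v level="$level" '
        /^\[/ {                                   # any stanza header
            in_splunkd = ($0 ~ /^\[splunkd\][ \t]*$/)
            print
            if (in_splunkd && !seen) {            # write the override once,
                print key "=" level               # directly under [splunkd]
                seen = 1
            }
            next
        }
        { k = $0; sub(/[ \t]*=.*/, "", k) }       # text left of "=" on this line
        in_splunkd && k == key { next }           # drop the superseded value
        { print }
        END {
            if (!seen) {                          # file had no [splunkd] stanza
                print "[splunkd]"
                print key "=" level
            }
        }
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# Usage: sh set_category.sh /opt/splunk/etc/log-local.cfg
# (path as given in the answer; Splunk still has to be restarted afterwards)
if [ "$#" -ge 1 ]; then
    set_log_category "$1" ProxyConfig WARN
fi
```
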

Jamie
Path Finder

Hello. Has anyone pushed out this configuration to Universal Forwarders using a Deployment Manager? Thanks.

0 Karma

sbrice18
Path Finder

What were your findings on pushing this out to a universal forwarder? I am looking at the same thing since we see this error from 3k+ forwarders. 🙂

0 Karma

Jamie
Path Finder

It didn't work for the UFs (but did for Splunk servers from memory).

ricotries
Communicator

Is this the equivalent of filtering by severity level in syslog?

0 Karma

PavelP
Motivator

Hello @ricotries

yes, sort of
https://docs.splunk.com/Documentation/Splunk/8.0.3/AdvancedDev/ModInputsLog

I've tested this solution and it works

0 Karma