How to configure Splunk Enterprise in front of AWS ELB instance


We have deployed Splunk Enterprise on an EC2 instance behind a classic ELB in AWS with HTTPS enabled (screenshots attached). Splunk runs in plain HTTP in the default port but we have set in our web.conf the following


Though when we visit the Splunk HTTPS, we can see the login page and authenticate successfully , then it redirects us in a and not our ELB URL. Help appreciated.

Labels (1)
0 Karma

Splunk Employee
Splunk Employee
0 Karma


Thanks. But are we saying we need to put a reverse proxy in front of SplunkWeb for this to work?

It seems overkill for something so basic. It seems that SplunkWeb just isn't taking the correct base host & port as defined in tools.proxy.base in the web.conf

0 Karma


I'm having the same issue. The tools.proxy.base configuration does not seem to be working as it always points to, it does not matter what I add as a base.

tools.proxy.on = <boolean>
* Whether or not the Splunk platform instance is behind a reverse proxy server.
* If set to "true", the instance assumes that it is behind a reverse proxy and
  uses HTTP header information from the proxy to log access requests, secure
  its cookies properly, and generate valid URLs for redirect responses.
* All of the instance's HTTP services will use information from
  "X-Forwarded-*", "Front-End-Https", and "X-Url-Scheme" headers, where
  available, to override what it receives from proxied requests.
* If you set this to "true", you must also set 'tools.proxy.base' to a valid
  host name and network port.
* If set to "false", the instance relies on its own internal HTTP server
  settings and the immediate client's HTTP headers for the information needed
  for access request logging, cookie securing, and redirect URL generation.
* Default: false

tools.proxy.base = <scheme>://<URL>
* The proxy base URL in Splunk Web.
* Default: empty string


0 Karma


It is disappointing that Splunk does not provide this capability out of the box. You would expect this from the tools.proxy.base setting but it just keeps pointing back to localhost:8000. So, to resolve termination of HTTPS traffic on my ELB and pass HTTP to the instance,  I had to do add a reverse proxy. It is an overkill unfortunately @fman82 but easy to setup.

In short, I added Nginx and setup a redirection of all 80 traffic to 443 using the following configuration:

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name <elb.hostname.domain>;
  return 301 https://$host$request_uri;

Keep in mind you may need to open port 80 on the ELB and all the internal HTTP Splunk redirects are handled by Nginx.

0 Karma
Get Updates on the Splunk Community!

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options A recent Tech Talk, ...

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...