
How to get Splunk to work behind a proxy


I need to configure Splunk (running on RHEL6) to work behind a proxy. I tried the recommended approach and it didn't work. On each attempt I restarted Splunk; also note that yum-cron/updates works fine.

To get around this problem, you need to set the http_proxy environment variable. For permanent results, you can specify the setting in the splunk-launch.conf configuration file, located in $SPLUNK_HOME/etc/ on *nix systems and %SPLUNK_HOME%\etc\ on Windows.
In splunk-launch.conf, add this attribute/value pair:
http_proxy = :
For example:
http_proxy = 10.1.8.11:8787
I then tried this:
added to opt/splunk/etc/system/default/prefs.conf
proxy=http://proxy.local:80/
proxy_username=xxxx
proxy_password=xxxxx

Questions

1) On Linux, which is the correct file to add the proxy settings? I have seen at least 3 files mentioned, being:
splunk-launch.conf
prefs.configuration
editing the /etc/init.d/splunk startup script

2) Does the proxy environment variable follow a typical Linux format?
For example, are these valid?

proxy=http://proxy.local:80/
proxy_username=a_user
proxy_password=a_password

or

Acquire::http::proxy "http://a_user:a_password@proxy.local:80/";

What is the correct way to achieve access from behind a proxy?


1) http_proxy=proxy.local:80 in splunk-launch.conf

2) Splunk uses urllib2, so it should support the following parameters: http_proxy=a_user:a_password@proxy.local:80, but you will need to try it, as I am not sure:

http_proxy=a_user:a_password@proxy.local:80 worked for me (I also set the same value as https_proxy)

0 Karma
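
As an added example (not part of the thread and not Splunk's own code): a small checker that reads splunk-launch.conf-style text, parses the http_proxy/https_proxy values in the scheme-less form quoted above, and reports whether credentials are embedded so the value can be redacted before it ends up in logs or tickets. The function names and the sample file content are constructed for illustration.

```python
from urllib.parse import urlsplit

PROXY_KEYS = {"http_proxy", "https_proxy"}

def parse_launch_conf(text):
    """Return {key: value} for proxy attributes in splunk-launch.conf style text."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in PROXY_KEYS:
            found[key.lower()] = value
    return found

def inspect_proxy(value):
    """Split a proxy value into parts; the scheme may be absent, as in the thread."""
    url = value if "://" in value else "http://" + value
    parts = urlsplit(url)
    try:
        port = parts.port          # raises ValueError on a non-numeric port
    except ValueError:
        port = None
    host = parts.hostname
    has_creds = parts.username is not None
    redacted = f"{host}:{port}" if port else str(host)
    if has_creds:
        redacted = "***:***@" + redacted   # never echo the user or password
    return {"host": host, "port": port, "has_credentials": has_creds,
            "redacted": redacted, "valid": bool(host) and port is not None}

def audit(text):
    """Inspect every proxy attribute found in the given file content."""
    return {k: inspect_proxy(v) for k, v in parse_launch_conf(text).items()}

# Constructed sample reusing the values quoted in the thread.
SAMPLE = """\
# splunk-launch.conf (constructed sample)
SPLUNK_HOME = /opt/splunk
http_proxy = a_user:a_password@proxy.local:80
https_proxy = 10.1.8.11:8787
"""

if __name__ == "__main__":
    for key, info in audit(SAMPLE).items():
        print(key, info)
```

A value with `has_credentials` set means the proxy password sits in plaintext in the file, so the file's ownership and permissions are worth checking alongside the setting itself.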