Is it possible to restrict the admin user to login from for example 192.168.0.2 address only?
Thanks! So this is not doable in the Splunk server configuration?
I don't remember seeing a setting for this off the top of my head. The Apache instance is probably the best way to do this - this is how I do it hear in my installation. In addition, I let it handle all the SSL duties..
You could do this by putting an Apache httpd as reverse proxy in front of splunk and configure Splunk to listen on 127.0.0.1. Apache lets you easily configure such restrictions.