Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk web redirect to FQDN?

edwardrose
Contributor
‎08-14-2018 04:15 PM

I was looking around and maybe my googling is the best today, but I cannot seem to find a way to redirect the Splunk webserver. Basically our customers can access our Splunk servers with either the short name:

https://splunkit:8000

Or the FQDN

https://splunkit.mydomain.com:8000

My question is how do I get the Splunk webserver to redirect the short name to the FQDN? We are getting dedicated certs for the Splunk web interface and need customer's to access the FQDN for the certs to be valid. Any help or docs would be awesome thanks.

-ed

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

acharlieh
Influencer
‎08-15-2018 08:49 AM

I don't believe the Splunk webserver will do this. Even if it could, I'm not sure if it would be a supported change. However instead you could setup a proxy / load balancer (such as an F5) in front of your Splunk Web interface. (Having a load balancer in front of SplunkWeb on your search heads is something you'd want for Search Head Clustering anyways.)

Your load balancer would have to support name based virtual hosting so that requests to the short name would be served with a 301 redirect, but responses to the FQDN would be proxied to the appropriate search head.

Now with regards to the certificate errors, If your load balancer supports SNI, the load balancer could serve a certificate with the simple name (likely issued by the customer's internal CA infrastructure) to requests for the simple name. If the load balancer does not support flexing based on SNI, then you are looking at getting a certificate with multiple Subject Alternative Names as @teunlaan mentions in their comment.

Alternatively... you could see if the network & device management folks at the company would get rid of their DNS Suffix search list. In this case only the FQDN would work for folks, and if you have enough messaging and training, possibly they will come around to not use unqualified names... but that's much more difficult of course.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

acharlieh
Influencer
‎08-15-2018 08:49 AM

I don't believe the Splunk webserver will do this. Even if it could, I'm not sure if it would be a supported change. However instead you could setup a proxy / load balancer (such as an F5) in front of your Splunk Web interface. (Having a load balancer in front of SplunkWeb on your search heads is something you'd want for Search Head Clustering anyways.)

Your load balancer would have to support name based virtual hosting so that requests to the short name would be served with a 301 redirect, but responses to the FQDN would be proxied to the appropriate search head.

Now with regards to the certificate errors, If your load balancer supports SNI, the load balancer could serve a certificate with the simple name (likely issued by the customer's internal CA infrastructure) to requests for the simple name. If the load balancer does not support flexing based on SNI, then you are looking at getting a certificate with multiple Subject Alternative Names as @teunlaan mentions in their comment.

Alternatively... you could see if the network & device management folks at the company would get rid of their DNS Suffix search list. In this case only the FQDN would work for folks, and if you have enough messaging and training, possibly they will come around to not use unqualified names... but that's much more difficult of course.

0 Karma
Reply
Solved! Jump to solution

sloshburch
Ultra Champion
‎08-16-2018 07:25 AM

Agreed. This is something that needs to be configured as part of the larger DNS/FQND setup. As in, this is part of networking configuration for the environment, not Splunk itself.

0 Karma
Reply
Solved! Jump to solution

teunlaan
Contributor
‎08-15-2018 05:31 AM

I don't know how to redirect it. You could also create certificates with aliases. Your certificate will be valid for short AND FQDN

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...