Splunk Enterprise

How to turn off all Splunk queries towards the internet?

hettervi
Builder

I'm trying to disable all queries from Splunk towards the internet. We have Splunk on Linux, on a closed network, and traffic towards the internet is only creating noise. I've already sat updateCheckerBaseURL=0 in web.conf and remote_tab=false in app.conf, but still there seems to be some traffic from Splunk trying to reach the internet.

Is there any other settings I can disable, or is there any smart way to troubleshoot exactly what Splunk services are trying to reach internet, why, and how to turn them off?

Labels (1)
Tags (2)
0 Karma

fuebel
Explorer

lakshman239
SplunkTrust
SplunkTrust

Have you updated updateCheckerBaseURL=0  in local/app.conf for all the apps  in etc/apps or one off in the etc/system/local/app.conf in your Search head(s)?  Sometime, we may have to do this in all apps as anyone could try to reach internet.

ITWhisperer
SplunkTrust
SplunkTrust

Have you tried something like wireshark to look at the traffic or run it through a proxy so see what is going on?

Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...