Splunk Enterprise

How to turn off all Splunk queries towards the internet?

hettervik
Builder

I'm trying to disable all queries from Splunk towards the internet. We have Splunk on Linux, on a closed network, and traffic towards the internet is only creating noise. I've already set updateCheckerBaseURL=0 in web.conf and remote_tab=false in app.conf, but still there seems to be some traffic from Splunk trying to reach the internet.

Are there any other settings I can disable, or is there any smart way to troubleshoot exactly what Splunk services are trying to reach the internet, why, and how to turn them off?


fuebel
Explorer

lakshman239
Influencer

Have you updated updateCheckerBaseURL=0 in local/app.conf for all the apps in etc/apps, or as a one-off in etc/system/local/app.conf on your search head(s)? Sometimes, we may have to do this in all apps, as any one of them could try to reach the internet.
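
To see where the two options from this thread are actually set across every app, the following added example (not code from any poster or from Splunk) walks an etc/ tree and lists each web.conf and app.conf that sets them. The sample tree, the `example_app` name and the function names are constructed for illustration; pass the path to your own etc directory as the first argument.

```python
# Added example (not from the thread). Lists every web.conf/app.conf under a
# Splunk etc/ tree that sets the two options discussed above. It does not apply
# Splunk's configuration layering; it only shows where each value is set.
import os
import re
import sys
import tempfile

# Option names and values as the original poster applied them.
WANTED = {("web.conf", "updateCheckerBaseURL"): "0",
          ("app.conf", "remote_tab"): "false"}

def audit(etc_dir):
    """Return sorted (relative_path, stanza, key, value, same_as_poster) rows."""
    rows = []
    for root, _dirs, files in os.walk(etc_dir):
        for name in files:
            if name not in ("web.conf", "app.conf"):
                continue
            path, stanza = os.path.join(root, name), "(no stanza)"
            with open(path, encoding="utf-8", errors="replace") as fh:
                for raw in fh:
                    line = raw.strip()
                    if not line or line.startswith("#"):
                        continue
                    header = re.fullmatch(r"\[(.*)\]", line)
                    if header:
                        stanza = header.group(1)
                        continue
                    key, sep, value = (p.strip() for p in line.partition("="))
                    if sep and (name, key) in WANTED:
                        rows.append((os.path.relpath(path, etc_dir), stanza, key,
                                     value, value.lower() == WANTED[(name, key)]))
    return sorted(rows)

def write_sample(etc_dir):
    """Constructed sample tree: one system-level file and one hypothetical app."""
    files = {
        "system/local/web.conf": "[settings]\nupdateCheckerBaseURL = 0\n",
        "apps/example_app/local/app.conf": "# constructed\n[launcher]\nremote_tab = true\n",
    }
    for rel, body in files.items():
        full = os.path.join(etc_dir, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else (write_sample(tmp) or tmp)
        for row in audit(target):
            print("%-40s [%s] %s = %s  %s" % (*row[:4], "ok" if row[4] else "DIFFERS"))
```

A row marked DIFFERS is a file where the option is set to something other than the value the original poster applied, which is the per-app case raised in the reply above.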

ITWhisperer
SplunkTrust

Have you tried something like Wireshark to look at the traffic, or run it through a proxy to see what is going on?
