I'm trying to disable all queries from Splunk towards the internet. We have Splunk on Linux, on a closed network, and traffic towards the internet is only creating noise. I've already sat updateCheckerBaseURL=0 in web.conf and remote_tab=false in app.conf, but still there seems to be some traffic from Splunk trying to reach the internet.
Is there any other settings I can disable, or is there any smart way to troubleshoot exactly what Splunk services are trying to reach internet, why, and how to turn them off?
Have you updated updateCheckerBaseURL=0 in local/app.conf for all the apps in etc/apps or one off in the etc/system/local/app.conf in your Search head(s)? Sometime, we may have to do this in all apps as anyone could try to reach internet.