Re: How to turn off all Splunk queries towards the...

hettervi · ‎09-08-2020

I'm trying to disable all queries from Splunk towards the internet. We have Splunk on Linux, on a closed network, and traffic towards the internet is only creating noise. I've already sat updateCheckerBaseURL=0 in web.conf and remote_tab=false in app.conf, but still there seems to be some traffic from Splunk trying to reach the internet.

Is there any other settings I can disable, or is there any smart way to troubleshoot exactly what Splunk services are trying to reach internet, why, and how to turn them off?

fuebel · ‎09-15-2020

For us it was the telemetry reporting, that tried to "get out".

https://community.splunk.com/t5/Splunk-Enterprise/Login-delay-update-notification-on-searchheads-at-...

lakshman239 · ‎09-10-2020

Have you updated updateCheckerBaseURL=0 in local/app.conf for all the apps in etc/apps or one off in the etc/system/local/app.conf in your Search head(s)? Sometime, we may have to do this in all apps as anyone could try to reach internet.

ITWhisperer · ‎09-08-2020

Have you tried something like wireshark to look at the traffic or run it through a proxy so see what is going on?

How to turn off all Splunk queries towards the internet?

configuration

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats