Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Local host URL to Public URL

phanichintha
Path Finder
‎07-29-2020 07:16 AM

Hello Splunkers, need a solution.

My organisation have Splunk ES 7.2.1 on AWS environment.
Having 4 AWS Splunk Instances (Search Head, Deployment Server, Indexer 1 and Indexer 2) which is in the cluster.
Right now we are accessing URL https://win-splksearch.com:8000
So now the users want to access Splunk from public URL https://splunk.organisation.com

For this, I have gone through some stuff and changed the server name in the web consoleserver.conf and web.conf but no use.

Can anyone suggest what have to do to change the localhost URL to public URL to access Splunk anywhere?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

shivanshu1593
Builder
‎07-30-2020 02:18 AM

Hello,

As suggested in my previous answer, no changes are required on your end, untill explicity requested from your network team. Here are the steps for you to follow:

Changes needed on AWS end

1. You, as the SIEM admin and owner of the tool, will consult your sysops network team, putting the requirement in front of them about exposing your application URL to public. (Basically the team which manages the networking part of your organization)

2. Based on your requirements, they'll decide the best way to expose the URL public. (will either be VPC peering, or Privatelinks over ALB etc, based upon the architecture of your organization). Please note, none of these changes are to be made by you. Network team will do it.

3. Once the step up will be done. You'll get a private URL, which you can share with your customers to use Splunk over the internet.

Changes needed on Splunk end:

1. Depends upon the requirements of the network team and the architecture of your organization. Whatever path they choose to expose the Splunk's URL to public, they'll give you specific instructions to perform on Splunk server, if required. Till then, all you need to do is contact them and have them do the work for you.

Summary: Please contant your sysops network team and put the request to them about exposing a URL for splunk in public with your decided name for it. They are the ones, who will fulfill your requirement. Since this requires changes on VPC and ALB.

Hope this helps 🙂

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

View solution in original post

0 Karma
Reply
Solved! Jump to solution

shivanshu1593
Builder
‎07-29-2020 08:57 AM

The name in the url is usually picked from your system's hostname. You'll have to contact your loval administrator for changing that entry for the particular Splunk instance that you're trying to change the URL for.

Then if you have ssl certificates enabled as well, then you'll have to get them adjusted as well (The value CNAME is also based on your system's hostname).  Once that's sorted, supply the required values in web.conf and restart splunkd.

This will take care of the URL change.

Hope this helps. Please accept it as a solution if it helped or let us know if it causes problems.

 

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply
Solved! Jump to solution

phanichintha
Path Finder
‎07-29-2020 09:16 AM

Hello,

I changed the values in server.conf and web.conf as well but no luck. So here accessing splunk url public i think we have the url should be in dns.

0 Karma
Reply
Solved! Jump to solution

shivanshu1593
Builder
‎07-29-2020 11:31 AM

Oh yes. I missed to add the line about the public URL. Since it's public, you'll have to modify its DNS entry on Route 53, or get a new one created, if it doesn't exist already, then have your ALB route the connections to your instances. In this case, none of the changes are required on your end. Once the changes are made and the ALB directs the requests successfully to your instance, you should be all set.

I'm sure you're already aware of it, but:

1. Never expose your EC2 instances to the web, use an Application Load balancer or Cloudfront.

2. Encryption is transit is always a better option than no encryption at all. (connection encryption between your instance and ALB)

If it helps, please mark it as accepted.

Thanks,

S

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply
Solved! Jump to solution

phanichintha
Path Finder
‎07-29-2020 10:14 PM

Hello Shivanshu,

I accept your answer logically but still bit confusion for doing physically.

Am the only person for Splunk SME(Admin), and AWS team for N/W related?
So, can you please clear me from my endpoint to point changes, that's better to understand.
Right now https://win-splk.com:8000  and for this instance, we have public IP is available. And need to access the Splunk via Internet http://splunk.org.com.

what changes need from Splunk end?
1.
2.
3.

what changes need from the AWS team end?
1.
2.
3.

0 Karma
Reply
Solved! Jump to solution
Solution

shivanshu1593
Builder
‎07-30-2020 02:18 AM

Hello,

As suggested in my previous answer, no changes are required on your end, untill explicity requested from your network team. Here are the steps for you to follow:

Changes needed on AWS end

1. You, as the SIEM admin and owner of the tool, will consult your sysops network team, putting the requirement in front of them about exposing your application URL to public. (Basically the team which manages the networking part of your organization)

2. Based on your requirements, they'll decide the best way to expose the URL public. (will either be VPC peering, or Privatelinks over ALB etc, based upon the architecture of your organization). Please note, none of these changes are to be made by you. Network team will do it.

3. Once the step up will be done. You'll get a private URL, which you can share with your customers to use Splunk over the internet.

Changes needed on Splunk end:

1. Depends upon the requirements of the network team and the architecture of your organization. Whatever path they choose to expose the Splunk's URL to public, they'll give you specific instructions to perform on Splunk server, if required. Till then, all you need to do is contact them and have them do the work for you.

Summary: Please contant your sysops network team and put the request to them about exposing a URL for splunk in public with your decided name for it. They are the ones, who will fulfill your requirement. Since this requires changes on VPC and ALB.

Hope this helps 🙂

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...