Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Platform
- :
- Splunk Enterprise
- :
- Splunk Enterprise or Heavy Forwarder Internet Acce...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good Day.
I've browsed for some time the official documentation and the forum, and I haven't found exactly the answer I need, so... this is my question (it applies to HF and Enterprise).
I would like to limit the internet access of my HF. Over the months, two possible connections come to my mind:
- Updating Splunk
- Updating Plugins from splunkbase
After some reseach, I haven't found what IP addresses or URL are the right ones to configure in the firewall.
Any help?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @CarlosNoob
If you want to be able to update apps from within your Splunk server's apps list then you need to enable the server to access https://apps.splunk.com/ which is details in server.conf.
If you want the update notifications, *or to access docs* linked from various parts of Splunk then the server needs to be able to access http://quickdraw.splunk.com - this is detailed in web.conf here.
Note - Splunk HF/Enterprise does not have the ability to update itself, it can only notify you of an update. You would need to download the packages from https://splunk.com/download
🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @CarlosNoob
If you want to be able to update apps from within your Splunk server's apps list then you need to enable the server to access https://apps.splunk.com/ which is details in server.conf.
If you want the update notifications, *or to access docs* linked from various parts of Splunk then the server needs to be able to access http://quickdraw.splunk.com - this is detailed in web.conf here.
Note - Splunk HF/Enterprise does not have the ability to update itself, it can only notify you of an update. You would need to download the packages from https://splunk.com/download
🌟 Did this answer help you? If so, please consider:
- Adding karma to show it was useful
- Marking it as the solution if it resolved your issue
- Commenting if you need any clarification
Your feedback encourages the volunteers in this community to continue contributing
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good Day @livehybrid
Yes, It helped.
Some research with Browser Dev Tools shows that all posibilities (login to splunk base, downloading, login to splunk) are inside the main domain:
*.splunk.com
So allowing by domain to splunk.com should be ok.
Kind Regards.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk doesn't automatically update online - you have to manually download a new version and upload it to server(s).
The sources for app downloads are listed in
Aligning Observability Costs with Business Value: Practical Strategies
Mastering Data Pipelines: Unlocking Value with Splunk
Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0
