internet server mapping

roopeshetty · ‎12-03-2024

Hi

We have Splunk Enterprise installed on a Windows computer which does not have direct access to the internet. To access the internet on that computer, usually we open a browser like Chrome or Edge then enter some required website (example : https:\\www.yahoomail.com) and press enter. Then a pop up will come on the browser which will ask us to enter the credentials. This popup will have our internet proxy server Url with port number that is https://myinternetserver01.mydomain.com:4443 and a option to enter username and password as attached in the screenshot. Once we enter the credentials it will allow us to browse any website on that computer until we log out from that computer. Due to this restrictions, we are unable to use some of the splunk add ons which requires internet connection. We tried many options using proxy settings but none of them are working.

Can some one please guide us where can we input this internet server URL, Port and credentials so that Splunk will have a direct connection to internet and we can use all spunk add on which needs internet.

victor_menezes · ‎12-04-2024

Hi @roopeshetty ,
Can you elaborate more about what did you try already when you mentioned " We tried many options using proxy settings but none of them are working."?

Also, it is not sure if you are running in a standalone environment or a clustered one, and if the proxy configs you tried were in conf files or added via REST.

Check this documentation about some good example on how to configure proxy and non-proxy addresses, and make sure that you define the http/https_proxy correctly (use the same config mentioned in your browser for reference if that is using a direct proxy address instead of a auto-discovery script.)

Configure splunkd to use your HTTP Proxy Server - Splunk Documentation

Notice that you must pass the authentication in the URL if your proxy requires it. ( like http://user:pass@myproxy.com:80)

roopeshetty · ‎01-27-2025

We tried below confs

Navigate to $SPLUNK_HOME/etc/system/local/.
Edit (or create) server.conf

[general]
http_proxy = http://myinternetserver01.mydomain.com:4443
https_proxy = https://myinternetserver01.mydomain.com:4443
proxy_user = username
proxy_password = mysecurepassword

Also tried below conf

[general]
http_proxy = http://username:mysecurepassword@myinternetserver01.mydomain.com:4443
https_proxy = https://username:mysecurepassword@myinternetserver01.mydomain.com:4443

But both are not working.

victor_menezes · ‎01-28-2025

Hi @roopeshetty ,

The proxy config should be in its own stanza, not the [general] one.

[proxyConfig]
http_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTP requests through this proxy server. The default value is unset.> 

https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.>  

no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">

Once you make the changes and restart, run a btool to make sure the server is getting it correctly from your configset:

/<splunk_home>/bin/splunk btool server list --debug | grep proxy

All the configurations returned are the ones being used by the system, confirm if all your custom configs are here and if there are not overlays taking precedence over them.

isoutamo · ‎01-28-2025

You could write it like
“/<splunk_home>/bin/splunk btool server list --debug proxyConfig”
Which shows what this stanza gets from different conf files.

internet server mapping

configuration

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform