Hi
We have Splunk Enterprise installed on a Windows computer which does not have direct access to the internet. To access the internet on that computer, usually we open a browser like Chrome or Edge then enter some required website (example : https:\\www.yahoomail.com) and press enter. Then a pop up will come on the browser which will ask us to enter the credentials. This popup will have our internet proxy server Url with port number that is https://myinternetserver01.mydomain.com:4443 and a option to enter username and password as attached in the screenshot. Once we enter the credentials it will allow us to browse any website on that computer until we log out from that computer. Due to this restrictions, we are unable to use some of the splunk add ons which requires internet connection. We tried many options using proxy settings but none of them are working.
Can some one please guide us where can we input this internet server URL, Port and credentials so that Splunk will have a direct connection to internet and we can use all spunk add on which needs internet.
Hi @roopeshetty ,
Can you elaborate more about what did you try already when you mentioned " We tried many options using proxy settings but none of them are working."?
Also, it is not sure if you are running in a standalone environment or a clustered one, and if the proxy configs you tried were in conf files or added via REST.
Check this documentation about some good example on how to configure proxy and non-proxy addresses, and make sure that you define the http/https_proxy correctly (use the same config mentioned in your browser for reference if that is using a direct proxy address instead of a auto-discovery script.)
Configure splunkd to use your HTTP Proxy Server - Splunk Documentation
Notice that you must pass the authentication in the URL if your proxy requires it. ( like http://user:pass@myproxy.com:80)
We tried below confs
Navigate to $SPLUNK_HOME/etc/system/local/.
Edit (or create) server.conf
[general]
http_proxy = http://myinternetserver01.mydomain.com:4443
https_proxy = https://myinternetserver01.mydomain.com:4443
proxy_user = username
proxy_password = mysecurepassword
Also tried below conf
[general]
http_proxy = http://username:mysecurepassword@myinternetserver01.mydomain.com:4443
https_proxy = https://username:mysecurepassword@myinternetserver01.mydomain.com:4443
But both are not working.
Hi @roopeshetty ,
The proxy config should be in its own stanza, not the [general] one.
[proxyConfig]
http_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTP requests through this proxy server. The default value is unset.>
https_proxy = <string that identifies the server proxy. When set, splunkd sends all HTTPS requests through the proxy server defined here. If not set, splunkd uses the proxy defined in http_proxy. The default value is unset.>
no_proxy = <string that identifies the no proxy rules. When set, splunkd uses the [no_proxy] rules to decide whether the proxy server needs to be bypassed for matching hosts and IP Addresses. Requests going to localhost/loopback address are not proxied. Default is "localhost, 127.0.0.1, ::1">
Once you make the changes and restart, run a btool to make sure the server is getting it correctly from your configset:
/<splunk_home>/bin/splunk btool server list --debug | grep proxy
All the configurations returned are the ones being used by the system, confirm if all your custom configs are here and if there are not overlays taking precedence over them.