Greetings,
We're using Splunk 4 (4.1.6 build 89596) and wanted to set up a forward proxy, where the proxy is on a separate machine. Most of the other examples I found assumed the proxy and Splunk run on the same server.
The main issue with doing this is that Splunk really wants to redirect the user directly to itself. The worst bit is that it does the redirect using HTML, not any HTTP headers. (If it used HTTP headers, then Apache's mod_proxy could do the rewrite. Possibly the module mod_proxy_html can rewrite the HTML for you, but I haven't tried this. Dear Splunk developers, it would be cool if you could fix the redirection method 🙂 )
I found that when you set 'tools.proxy.on = True' then Splunk assumes that the Web/Proxy server is running locally on the same server as Splunk. In this case, it keeps redirecting to 127.0.0.1. Therefore, if you are running a separate Web/Proxy server, then you do NOT want to set this (leave it blank, or set 'tools.proxy.on = false').
Our solution was to set /opt/splunk/etc/system/local/web.conf like this:
[settings]
root_endpoint = /splunk
httpport = 80
Then on the separate machine running Apache (we actually are using Apache with SSL) the lines we added to the existing mod_proxy configuration were:
ProxyPass /splunk http://10.0.0.10/splunk
ProxyPassReverse /splunk http://10.0.0.10/splunk
Enjoy!
Kind regards,
Dave Seddon
dave at seddon ca
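A consistency check for the two configurations in the post above, as an added example that is not part of the original post and not Splunk's or Apache's own tooling. The function name `check_proxy_config`, the sample strings and the fallback values used when a key is absent (`root_endpoint` of `/`, `httpport` of 8000) are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed samples that mirror the settings quoted in the post.
WEB_CONF = "[settings]\nroot_endpoint = /splunk\nhttpport = 80\n"
APACHE_CONF = ("ProxyPass /splunk http://10.0.0.10/splunk\n"
               "ProxyPassReverse /splunk http://10.0.0.10/splunk\n")

def _norm(path):
    """Compare paths without a trailing slash; the bare root stays '/'."""
    return path.rstrip("/") or "/"

def check_proxy_config(web_conf, apache_conf):
    """Return a list of mismatches between web.conf and the Apache proxy lines."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(web_conf)
    s = cp["settings"] if cp.has_section("settings") else {}
    # Fallbacks are assumed defaults for when a key is absent.
    root = _norm(s.get("root_endpoint", "/"))
    port = int(s.get("httpport", "8000"))
    problems = []
    if s.get("tools.proxy.on", "false").strip().lower() == "true":
        problems.append("tools.proxy.on is True: the post saw redirects to 127.0.0.1")
    rules = {}
    # Only the "directive path url" form used in the post is recognised.
    for line in apache_conf.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] in ("ProxyPass", "ProxyPassReverse"):
            rules[parts[0]] = (_norm(parts[1]), urlsplit(parts[2]))
    for name in ("ProxyPass", "ProxyPassReverse"):
        if name not in rules:
            problems.append(f"{name} directive missing")
            continue
        path, url = rules[name]
        if path != root:
            problems.append(f"{name} path {path} != root_endpoint {root}")
        if _norm(url.path) != root:
            problems.append(f"{name} backend path {url.path or '/'} != root_endpoint {root}")
        backend_port = url.port or {"http": 80, "https": 443}.get(url.scheme)
        if backend_port != port:
            problems.append(f"{name} backend port {backend_port} != httpport {port}")
    if len(rules) == 2 and rules["ProxyPass"] != rules["ProxyPassReverse"]:
        problems.append("ProxyPass and ProxyPassReverse point at different targets")
    return problems

if __name__ == "__main__":
    for p in check_proxy_config(WEB_CONF, APACHE_CONF) or ["consistent"]:
        print(p)
```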