×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
scr1biddies
Loves-to-Learn Lots
Member since: ‎05-27-2024
‎09-27-2024
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-27-2024
Activity Feed
View All

Re: How to make real IP user showing while using L...

by in Security
‎09-26-2024 04:03 AM
‎09-26-2024 04:03 AM
I just cheked on the  /system/default/web.conf there is the config that u mentioned before are commented.  It says that i have to set that in local/web.conf if I run my splunk behind the reverse proxy. Is that the correct location?  for the save way, do I have to copy that to /local first or I can just simply enable it? ... View more

Re: How to make real IP user showing while using L...

by in Security
‎09-25-2024 03:07 AM
‎09-25-2024 03:07 AM
I'll try this thing 1st ... View more

Re: How to make real IP user showing while using L...

by in Security
‎09-25-2024 02:46 AM
‎09-25-2024 02:46 AM
I found related case in the splunk Ideas https://ideas.splunk.com/ideas/EID-I-1168, it's kinda complicated, since I 'm a new in splunk and the SHC architecture are not simple. ... View more

Re: How to make real IP user showing while using L...

by in Security
‎09-25-2024 02:42 AM
‎09-25-2024 02:42 AM
okay, so I need to talk with the LB/network team who fix this thing then. ... View more

How to make real IP user showing while using LB in...

by in Security
‎09-23-2024 10:20 PM
‎09-23-2024 10:20 PM
Hi, this is my 1st post, I'm a newbie splunkers. I have a case from my clients so, the splunk is running with LB following with the SH cluster. I already using LDAP to inject the data for login access account in splunk.  When I checked out the audittrail log in query table, it's showing only 1 spesific clientip or src. That was different with the 1st time I inject the AD for login access to splunk, or inside the dev server because we only use AIO/standalone splunk in dev. It's showing the real IP of the user. But now, when I logged in to the splunk web, the audit trail log, will show the spesific 1 IP, I think it's LB or AD IP.  Even I used the native user like "admin", it will show only 1 IP, and it's not my device IP. How to make the real IP  fromuser showing, while using LB in shcluster instead of only 1 IP from LB or AD in Audittrail log? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-27-2024 01:49 AM