We plan to deply Splunk in our company environment, since the encironment is in a dmz network so we need to open the fw ports and whitlist the certain URL for the application.
Could you help to provide the specific URL for downloading add-on from Splunk App site, we need to whitelist and open it from our internal network.
I understand the apps can be downloaded and installed manually by the admin users in offline. But our business users require to install the apps by them self just like the normal way, in the Splunk application, from add-on or app windows, search the desired app and install it. That's why we would like to open the application install URL (Splunkbase apps.splunk.com).
1. apps.splunk.com is the URL needs to be opened for the add-on or apps install?
2. On which server we need to open the port and whitelist the URL apps.splunk.com, Search Head or Forwarder server?
when you say "install the apps by themself just like the normal way", are you meaning self upgrade as Office?
If this is the requirement of your customer, Splunk fortunately hasn't this feature because it's very dangerous for the system health (if you're speaking of Splunk Apps)!
In other words, the upgrade of an app (App or TA) must be managed by an administrator, it isn't possible (and not hintable) to have a self upgrade mechanism.
If instead you're meaning that every user can install their own apps, they can follow the above procedure, you have only to enable all users to install apps, but I again don't hint this solution.
At least, there isn't an automatic app upgrade in Splunk, and the best advising approach is trying to explain to your customer why it isn't a good idea.
Think to what damages could bring users that install app by themselves, you risk the block of the system.
Ciao and good luck!
Thank you for the update, we dont have the Deployment Server, only Search Head, Indexer, Forwarder and License Management server.
But do we need to open the Splunkbase URL (apps.splunk.com) on Search Head or Forwarder server?
As my understanding we only need to open the URL on Search Head server since the user only have the access to Search Head server on 443, is that correct?
you don't need to open any internet connection in any Splunk server and I'd avoid this for security reasons: all the apps can be installed or upgraded by GUI from an admin workstation.
In other word, the upgrade procedure is the one I described in me previous answer and doesn't require any internet connection.
About the Deployment Server I hint to use it because it's very useful: otherwise you have to use another system (as Ansible) or custom scripts.
If you already have a software distribution system you can use it otherwise, use Deployment Server, it's the most efficient solution!
P.S.: if this answer solves your solution, please accept it for the other people of Community and Karma Points are appreciated by all the Contributors 😉
if you have a Deployment Server, you don't need an URL to deploy add-ons on Forwarders.
You have to download the installation packages from Splunkbase (apps.splunk.com) on your pc and then copy them on the deployment server following the instructions at https://docs.splunk.com/Documentation/Splunk/8.2.1/Updating/Updateconfigurations