Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do I properly configure proxy for Splunk?

szabados
Communicator
‎03-17-2017 01:54 AM

I'm running Splunk 6.5.2 on a Windows Server 2012 R2, and I just cannot get the proxy working.
I've tried setting it in splunk-launch.conf, and/or as an environmental variable for both http_proxy and httpS_proxy , but none of them helped, I'm getting Winsock 10061 errors all the time. I've tried both formats: : and http(s)://:.
Besides that, I want to use a couple apps (downloaded from Splunkbase), some of them has their own configuration where I can specify the proxy settings, and I'm getting '407 Proxy Authentication Required' errors.
However, our proxy does not need authentication. I've tried running web requests with the same python modules used in the apps (urllib2, requests), and worked from me.

0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎03-20-2017 09:53 PM

Another answers post suggested configuring rhe http_proxy like:

http_proxy=a_user:a_password@proxy.local:80

Did you try with your credentials? Sounds like your proxy requires auth.

https://answers.splunk.com/answers/59873/how-to-get-splunk-to-work-behind-a-proxy.html

- MattyMo
0 Karma
Reply

szabados
Communicator
‎04-24-2017 01:24 AM

Update:

So, this 407 issue has been sorted, not with authentication, but now Splunk is able to open connections towards the public web, but not in all the cases. Some of my threat feeds in Enterprise Security work nicely, but some of them are still failing. I have no other idea where I could configure the proxy, or what is causing this inconsistent behavior.

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎04-24-2017 01:41 AM

For Splunk ES you can Download a threat intelligence feed from the Internet in Splunk Enterprise Security refer to the "Configure a proxy for retrieving threat intelligence" section.

Note in my setup I use the ES level setup for using a proxy and not the above mentioned version...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...