Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get Splunk to work behind a proxy

mikebrooker
Explorer
‎09-26-2012 06:27 AM

I need to configured Splunk (running on RHEL6) to work behind a proxy, I tried the recommended approach and it didn't work. On each I restarted Splunk, also note yum-cron/updates works fine.

To get around this problem, you need to set the http_proxy environment variable. For permanent results, you can specify the setting in the splunk-launch.conf configuration file, located in $SPLUNK_HOME/etc/ on *nix systems and %SPLUNK_HOME%\etc\ on Windows.
In splunk-launch.conf, add this attribute/value pair:
http_proxy = :
For example:
http_proxy = 10.1.8.11:8787
I then tried this:
added to opt/splunk/etc/system/default/prefs.conf
proxy=http://proxy.local:80/
proxy_username=xxxx
proxy_password=xxxxx

Questions

1) On Linux, which is the correct file to add the proxy settings? I have seen atleast 3 files mentioned, being:
splunk-launch.conf
prefs.configuration
editing the /etc/init.d/splunk startup script

2) Does the proxy environment variable follow a typical Linux format?
For example, are these valid?

proxy=http://proxy.local:80/
proxy_username=a_user
proxy_password=a_password

or

Acquire::http::proxy "http://a_user:a_password@proxy.local:80/";

What is the correct why to achieve access from behind a proxy?

Tags (2)
Reply

MarioM
Motivator
‎09-26-2012 01:43 PM

1) http_proxy=proxy.local:80 in splunk-launch.conf

2) splunk uses urllib2 then it should support the following parameters http_proxy=a_user:a_password@proxy.local:80 but you will need to try as i am not sure :

Reply

sworisbreathing
Engager
‎08-05-2013 06:19 PM

http_proxy=a_user:a_password@proxy.local:80 worked for me (I also set the same value as https_proxy)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...