Security

How to get Splunk to work behind a proxy

mikebrooker
Explorer

I need to configured Splunk (running on RHEL6) to work behind a proxy, I tried the recommended approach and it didn't work. On each I restarted Splunk, also note yum-cron/updates works fine.

To get around this problem, you need to set the http_proxy environment variable. For permanent results, you can specify the setting in the splunk-launch.conf configuration file, located in $SPLUNK_HOME/etc/ on *nix systems and %SPLUNK_HOME%\etc\ on Windows.
In splunk-launch.conf, add this attribute/value pair:
http_proxy = :
For example:
http_proxy = 10.1.8.11:8787
I then tried this:
added to opt/splunk/etc/system/default/prefs.conf
proxy=http://proxy.local:80/
proxy_username=xxxx
proxy_password=xxxxx

Questions

1) On Linux, which is the correct file to add the proxy settings? I have seen atleast 3 files mentioned, being:
splunk-launch.conf
prefs.configuration
editing the /etc/init.d/splunk startup script

2) Does the proxy environment variable follow a typical Linux format?
For example, are these valid?

proxy=http://proxy.local:80/
proxy_username=a_user
proxy_password=a_password

or

Acquire::http::proxy "http://a_user:a_password@proxy.local:80/";

What is the correct why to achieve access from behind a proxy?

Tags (2)

MarioM
Motivator

1) http_proxy=proxy.local:80 in splunk-launch.conf

2) splunk uses urllib2 then it should support the following parameters http_proxy=a_user:a_password@proxy.local:80 but you will need to try as i am not sure :

sworisbreathing
Engager

http_proxy=a_user:a_password@proxy.local:80 worked for me (I also set the same value as https_proxy)

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!