Folks,
I would like some help from you. Here in the company where I work, Splunk has no way out to the internet.
After a lot of conversation, I managed to convince the client to allow the tool to access the internet.
However, access is partially working.
Today I can install a new app through Splunk web, but I can't update an app already installed.
The firewall team asked me for the Splunk domains to release.
Below is the list I gave them:
I would like to know if there is any other domain that I should request to be released.
- url = https://splunkbase.splunk.com/api/apps
- loginUrl = https://splunkbase.splunk.com/api/account:login/
- detailsUrl = https://splunkbase.splunk.com/apps/id
- updateHost = https://splunkbase.splunk.com
- updatePath = /api/apps:resolve/checkforupgrade
- https://telefonica.threatconnect.com/api
The fact that you are giving them URLs, and not hosts, suggests that this is not a layer 3 firewall, so you may find that traffic is also being proxied.
If that is the case, you may also need SSL bypass added for those domains, as the MITM SSL inspection out of the box on devices "like" Blue Coat and Palo Alto will fail the TLS verification Splunk performs when accessing splunk.com sites.
As an alternative, if you can go directly to splunkbase and download the app to a local machine in your network, you can then install it through the GUI on your Splunk Instance from within your company network.
I do this, but I would like to solve this problem.
Installing and updating apps use the same site. What error do you get when you try to update?
That's the message I get as a splunk horse:
The splunkd daemon cannot be reached by splunkweb. Check that there are no blocked network ports or that splunkd is still running. Click here to return to Splunk homepage.
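One way to check the proxy and TLS-inspection point raised in the reply above, as an added example that is not part of the original thread: it reduces the settings listed in the question to the host and port pairs a firewall rule needs, then reports who issued the certificate each host presents. It assumes it is run from the Splunk server and uses the operating system trust store, which may differ from the CA bundle Splunk itself uses; the function names are illustrative.

```python
import socket
import ssl
from urllib.parse import urlsplit

# Settings as listed in the question (a relative path carries no host).
SETTINGS = """\
url = https://splunkbase.splunk.com/api/apps
loginUrl = https://splunkbase.splunk.com/api/account:login/
detailsUrl = https://splunkbase.splunk.com/apps/id
updateHost = https://splunkbase.splunk.com
updatePath = /api/apps:resolve/checkforupgrade
https://telefonica.threatconnect.com/api
"""

def endpoints(text):
    """Return sorted unique (host, port) pairs found in the settings text."""
    found = set()
    for line in text.splitlines():
        value = line.split(" = ", 1)[-1].strip()
        parts = urlsplit(value)
        if parts.scheme in ("http", "https") and parts.hostname:
            port = parts.port or (443 if parts.scheme == "https" else 80)
            found.add((parts.hostname, port))
    return sorted(found)

def issuer_org(cert):
    """Pull the issuer organisation (or CN) out of an ssl.getpeercert() dict."""
    fields = {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}
    return fields.get("organizationName") or fields.get("commonName") or "unknown"

def probe(host, port, timeout=5.0):
    """Handshake with the system trust store; report who signed the certificate."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"verified, issuer={issuer_org(tls.getpeercert())}"
    except ssl.SSLCertVerificationError as exc:
        return f"verification FAILED: {exc.verify_message}"
    except OSError as exc:
        return f"connection failed: {exc}"

if __name__ == "__main__":
    for host, port in endpoints(SETTINGS):
        print(f"{host}:{port} -> {probe(host, port)}")
```

An issuer that names the company's proxy or firewall CA rather than a public CA, or a verification failure, indicates the traffic is being intercepted and those hosts need an inspection bypass.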