How to Configure Splunk to use a Web Proxy Server

Posted on Posted in General IT Info, Information Security

A Splunk server I installed was configured such that it could only communicate with hosts within the corporate network so it did not have direct internet access. This posed a problem when trying to use the “Browse Splunkbase” option in the Splunk administrator web interface. I also could not use the “iplocation” data-processing command.

This was the suggestion I got from Splunk Support which didn’t work for me for some reason. I am including it here for reference for someone where this solution may work for them:

You can set the environment variable HTTP_PROXY in the session shell.
You can set it in your /etc/bashrc or /etc/profile.

# Proxy Settings

I also found something in the forums:

The Splunk install I was running was version 3.4.9 which was on a CentOS 5 server. The Splunk installation was configured to autostart on boot. I ended up getting this to work by editing the /etc/init.d/splunk startup script file by adding the following to it:

# Proxy settings

Change “” to be the proxy server address and port for the proxy server that you want to use. So with the above lines added to my /etc/init.d/splunk file, the top portion of the file looked like this:

# /etc/init.d/splunk
# init script for Splunk.
# generated by 'splunk enable boot-start'.
# chkconfig: 2345 90 60
# description: Splunk indexer service
# Proxy settings

I put the setting into effect by restarting my Splunk service with the command: /sbin/service splunk restart

Splunk Logo

One thought on “How to Configure Splunk to use a Web Proxy Server

Leave a Reply

Your email address will not be published. Required fields are marked *