How to Configure Splunk to use a Web Proxy Server

A Splunk server I installed was configured such that it could only communicate with hosts within the corporate network so it did not have direct internet access. This posed a problem when trying to use the “Browse Splunkbase” option in the Splunk administrator web interface. I also could not use the “iplocation” data-processing command.

This was the suggestion I got from Splunk Support which didn’t work for me for some reason. I am including it here for reference for someone where this solution may work for them:

You can set the environment variable HTTP_PROXY in the session shell.
You can set it in your /etc/bashrc or /etc/profile.

# Proxy Settings
http_proxy=http://proxy.domain.com:8080
https_proxy=https://proxy.domain.com:8080

I also found something in the forums:
http://www.splunk.com/support/forum:SplunkGeneral/2531

The Splunk install I was running was version 3.4.9 which was on a CentOS 5 server. The Splunk installation was configured to autostart on boot. I ended up getting this to work by editing the /etc/init.d/splunk startup script file by adding the following to it:

# Proxy settings
HTTP_PROXY="http://proxy.domain.com:8080"
export HTTP_PROXY

Change “proxy.domain.com:8080” to be the proxy server address and port for the proxy server that you want to use. So with the above lines added to my /etc/init.d/splunk file, the top portion of the file looked like this:

#!/bin/sh
#
# /etc/init.d/splunk
# init script for Splunk.
# generated by 'splunk enable boot-start'.
#
# chkconfig: 2345 90 60
# description: Splunk indexer service
#
SPLUNK_HOME="/opt/splunk"
RETVAL=0
# Proxy settings
HTTP_PROXY="http://proxy.domain.com:8080"
export HTTP_PROXY

I put the setting into effect by restarting my Splunk service with the command: /sbin/service splunk restart

Splunk Logo

Leave a Reply