Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to forward data using squid proxy from HF to indexer?

jawadkhan
Loves-to-Learn
‎08-16-2023 09:03 PM

Hi all,

I am trying to implement Splunk in a particular use case. 

Use case I am trying to implement:

HF (configured proxy) > transfer data via internet > indexer

Kind share your knowledge. Further help would be highly appreciated. thanks

Labels (4)
Tags (4)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-17-2023 05:08 AM

Your description is a bit confusing. Please elaborate. What does HF to do with squid? It's a completely separate piece of software.

What do you want to do? Set up your HF to contact your destination indexer via proxy? You want your HF to be hidden behind a reverse-proxy? Something else?

And what's the goal?

0 Karma
Reply

jawadkhan
Loves-to-Learn
‎08-17-2023 05:18 PM

So the goal I am trying to achieve is that :

I want to forward data from HF which is behind squid proxy to Indexer which is on AWS EC2.

Drill:

HF (VM) -> (TCP9997, HTTP/HTTPS 443,80) Squid proxy -> (TCP997) Indexer.

Thanks

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-18-2023 12:38 AM

OK. So your HF's only way to internet is via a proxy server, right?

Unfortunately, s2s is not proxyable with http proxy as far as I know. You can only use socks5 proxy.

You could try to use httpout output to send to a hec port (in fact it's a s2s embedded in http, it's not exactly a hec output as such) and inherit the general proxy settings (https://docs.splunk.com/Documentation/Splunk/9.1.0/Admin/Serverconf#Splunkd_http_proxy_configuration ) but I'm not sure if it will work. But it's your only chance. If it doesn't work - you need to either open your firewall for this particular traffic directly or use socks proxy.

Anyway, if the idea behind allowing only proxied traffic is that "we will do content inspection, hurr, durr", it won't work.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...