When installing Splunk on a server with existing applications and Apache already setup and running, it’s easy to add support for Splunk via mod_proxy.
Although I believe it’s best to use virtual hosts to split out applications and setup proper DNS, in this example, I will be using the default virtual host (or none at all).
Step 1: Install Splunk
I won’t go into boring details of installing Splunk, but this post assumes the defaults on an RPM based distribution.
Step 2: Configure Splunk
In order to proxy, without a separate virtual host for Splunk, it’s best to set the root_endpoint in the Splunk web.conf to something Splunk-specific. Here is what I suggest:
root_endpoint = /splunk
Next, tell Splunk that it will be proxied, by setting the tools.proxy.on directive to True:
tools.proxy.on = True
Don’t forget to restart Splunk!
Step 3: Configure Apache to Proxy Requests
Ensure that mod_proxy is loaded in your apache config:
LoadModule proxy_module modules/mod_proxy.so
Next, add this bit of config to proxy the requests:
ProxyPass /splunk http://localhost:8000/splunk ProxyPassReverse /splunk http://localhost:8000/splunk
Don’t forget to restart Apache!
Once that is finished, you will be able to access splunk via your server URL/splunk.