Proxy Requests to Splunk with Apache 2.2

When installing Splunk on a server with existing applications and Apache already setup and running, it’s easy to add support for Splunk via mod_proxy.

Although I believe it’s best to use virtual hosts to split out applications and setup proper DNS, in this example, I will be using the default virtual host (or none at all).

Step 1: Install Splunk

I won’t go into boring details of installing Splunk, but this post assumes the defaults on an RPM based distribution.

Step 2: Configure Splunk

In order to proxy, without a separate virtual host for Splunk, it’s best to set the root_endpoint in the Splunk web.conf to something Splunk-specific. Here is what I suggest:

root_endpoint = /splunk

Next, tell Splunk that it will be proxied, by setting the tools.proxy.on directive to True:

tools.proxy.on = True

Don’t forget to restart Splunk!

Step 3: Configure Apache to Proxy Requests

Ensure that mod_proxy is loaded in your apache config:

LoadModule proxy_module modules/mod_proxy.so

Next, add this bit of config to proxy the requests:

ProxyPass /splunk http://localhost:8000/splunk
ProxyPassReverse /splunk http://localhost:8000/splunk

Don’t forget to restart Apache!

Once that is finished, you will be able to access splunk via your server URL/splunk.


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *