In the last weeks Andreas has tested Splunk in our lab environment. To access the Frontend from outside the lab, i have configured Apache to work as a reverse proxy for Splunk.
- Apache configuration
<VirtualHost www.external.fqdn:443> <IfModule mod_proxy.c> ProxyRequests Off SSLProxyEngine On ProxyPreserveHost On </IfModule> <Location /splunk> <IfModule mod_proxy.c> ProxyPass https://22.214.171.124:8000/splunk retry=0 ProxyPassReverse retry=0 </IfModule> </Location> </VirtualHost>
additional Documentation: mod_proxy – Apache HTTP Server
Splunk configuration in Splunk\etc\system\local\web.conf
[settings] enableSplunkWebSSL = 1 root_endpoint = /splunk tools.proxy.on = True
- Splunk behind reverse proxy
- How to access splunk web interface behind Nginx
- BehindApache – CherryPy Tools
- Configuring splunkweb behind an ssl enabled reverse proxy
- Admin Manual – web.conf
- Placing Splunk behind a Web proxy
This setup is not perfect, because it needs SSL to be enabled on the Splunk web frontend. Maybe it is possible to use mod_rewrite to change the URLs between https and http.
As a conclusion some Splunk screenshots. I’m sure Andreas will come up with a few in depth posts about Splunk and monitoring XenApp environments. Collecting log data from vCenter and the ESX hosts is another great use case for Splunk…