Splunk behind a Apache reverse proxy

In the last weeks Andreas has tested Splunk in our lab environment. To access the Frontend from outside the lab, i have configured Apache to work as a reverse proxy for Splunk.

  • Apache configuration
<VirtualHost www.external.fqdn:443>
 <IfModule mod_proxy.c>
  ProxyRequests                 Off
  SSLProxyEngine                On
  ProxyPreserveHost             On
 </IfModule>
 <Location /splunk>
  <IfModule mod_proxy.c>
    ProxyPass                   https://1.2.3.4:8000/splunk retry=0
    ProxyPassReverse            retry=0
  </IfModule>
 </Location>
</VirtualHost>
[settings]
 enableSplunkWebSSL = 1
 root_endpoint = /splunk
 tools.proxy.on = True

additional Documentation

This setup is not perfect, because it needs SSL to be enabled on the Splunk web frontend. Maybe it is possible to use mod_rewrite to change the URLs between https and http.

As a conclusion some Splunk screenshots. I’m sure Andreas will come up with a few in depth posts about Splunk and monitoring XenApp environments. Collecting log data from vCenter and the ESX hosts is another great use case for Splunk…

splunk_index_summary-300x165 splunk_data_view-300x145 splunk_data_pie-300x126