Site Search
Security business menu
Security business
HOME
To be elected
cause
Service
Handling Manufacturer
Examples/reports/
Blog/Glossary
Seminar/
video on demand
TOP
Products/Services
Specifications/Technical Information
solution
User stories
support
Seminar content
Evaluation machine application/FAQ
Document request
inquiry
Event/Seminar
video on demand

How to turn off external communication from Splunk in settings

release date
2015-05-05
last updated
2017-05-26
version
Splunk Enterprise 9.0.5
Overview
This article explains how to turn off external communications from Splunk.
Reference information
content

About types of external communication

Splunk accesses URLs from A to D below.

  • A: Check the latest version of Splunk https://quickdraw.splunk.com/js/
  • B: Login page for Splunk.com https://www.splunk.com/page/sign_up
  • C: Online help information link https://quickdraw.splunk.com/help
  • D: Check latest version of App https://apps.splunk.com/api/apps

*The above links cannot be accessed directly from a browser. From version 6.5 onwards, in addition to A to D above, communications will also occur regarding E and F below. However, the destinations of E and F will not be disclosed.

From 6.5, in addition to A to D above, communication will also occur for E and F below. However, the communication destinations of E and F will not be disclosed.

  • E: Anonymized Usage Data * Splunk server performance information is sent to Splunk.
  • F: License Usage Data * License usage status is sent to Splunk.

*Please refer to the following document for the information sent by E and F.

https://docs.splunk.com/Documentation/Splunk/9.0.5/Admin/Shareperformancedata

If you want to disable access, do the following: In the case of Universal Forwarder, only D will be performed because D communication will occur if the App is installed.

*If the target configuration file does not exist, create a new one and add the settings.

[Setting procedure to disable access to A, B and C]

  • Add the following settings and save it:
    $SPLUNK_HOME/etc/system/local/web.conf
    [settings]
    updateCheckerBaseURL = 0
    userRegistrationURL =
    docsCheckerBaseURL =

    Configuration details:
    To disable A, write it as follows:
    updateCheckerBaseURL = 0
    To disable B, write it as follows:
    userRegistrationURL =
    To disable C, write it as follows:
    docsCheckerBaseURL =
    *The right side of the "=" in userRegistrationURL and docsCheckerBaseURL is blank.
  • Restart Splunk.

[Setting procedure to disable access to D (for all apps)]

  • Add the following settings and save it:
    $SPLUNK_HOME/etc/system/local/server.conf
    [applicationsManagement]
    allowInternetAccess = false
  • Restart Splunk.

[Setting procedure to disable access to D (set by App)]

To disable version checking on an app-by-app basis, follow the steps below.

  • Add the following settings and save.
    Setting location:
    $SPLUNK_HOME\etc\apps\<target app>\local\app.conf

    Setting contents;
    [package]
    check_for_updates = 0
  • Restart Splunk.

[Settings for disabling access to E]

  • Log in to Splunk.
  • Open Settings > Instrumentation > Gear.
  • Click "Disable" under Aggregated Usage Data and Support Usage Data.

[Settings for disabling access to F (applies to all apps)]

  • Add the following settings and save it:
    $SPLUNK_HOME/etc/system/local/telemetry.conf
    sendLicenseUsage = false
  • Restart Splunk.

*$SPLUNK_HOME is the installation directory. By default it is as follows.

<Linux>

Splunk Enterprise : /opt/splunk
Universal Forwarder : /opt/splunkforwarder

<Windows>

Splunk Enterprise : C:\Program Files\Splunk
Universal Forwarder : C:\Program Files\SplunkUniversalForwarder

that's all

to previous page