The splunk server is located behind a proxy, and i'm getting a lot of "threat list download failed after multiple retries" error messages.
From my logs I can see that the download is attempted directly, and not through the proxy.
What do I need to configure and where?
I too have the same issue.but i had configured the proxy
I am working on this myself, still getting failures after configuring proxy info. Does proxy server field need to be populated in http:\ format, or does just the ip address of the proxy suffice in that field?
Just enter the hostname or ip address.
Note also there were a bug in older versions if you were using proxy authentication under certain conditions (I assume it is resolved now). Are you using authentication ?
If it does not work, look for your proxy logs in Splunk 🙂
Hello, you need to configure first the proxy setting in each threat (Configure / Data Enrichment / Threat list), and if needed authentication in Configure / General / Credential management. And it should work !