It is disappointing that Splunk does not provide this capability out of the box. You would expect this from the tools.proxy.base setting but it just keeps pointing back to localhost:8000. So, to resolve termination of HTTPS traffic on my ELB and pass HTTP to the instance, I had to do add a reverse proxy. It is an overkill unfortunately @fman82 but easy to setup. In short, I added Nginx and setup a redirection of all 80 traffic to 443 using the following configuration: server { listen 80 default_server; listen [::]:80 default_server; server_name <elb.hostname.domain>; return 301 https://$host$request_uri; } Keep in mind you may need to open port 80 on the ELB and all the internal HTTP Splunk redirects are handled by Nginx.
... View more