<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic How to use SSL validation with HEC? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/How-to-use-SSL-validation-with-HEC/m-p/609763#M105698</link>
    <description>&lt;P&gt;Hi all,&lt;/P&gt;
&lt;P&gt;I'm very new to Splunk, so apologies if the question is common knowledge. I've found a lot of different posts describing the issue - but basically none which actually offers a (for me) viable solution. So I hope you can help me out.&lt;/P&gt;
&lt;P&gt;Basically we have a webhook setup which can POST data upon different events in our software. This setup is serving a lot of different customers for various needs - not just one customers' Splunk setup. I've set up a HTTP Event Collector endpoint in my Splunk Cloud to receive the data, and created a webhook to send data to my Splunk HEC endpoint.&lt;/P&gt;
&lt;P&gt;However - I can't send any data to the endpoint without disabling SSL validation, because Splunk uses self-signed certificates. I've seen a lot of different posts on how you just need to disable SSL validation, but that's not a great option in a production environment with a lot of different customers.&lt;/P&gt;
&lt;P&gt;So my question is:&amp;nbsp;&lt;/P&gt;
&lt;P&gt;- How would I setup Splunk so that we can send HTTPS requests to our different customers Splunk endpoints without disabling SSL validation?&lt;/P&gt;
&lt;P&gt;As we serve a lot of different customers, we can't have a per-customer certificate setup. We basically just need to be able to call the public HTTPS endpoint in splunk - preferably with SSL validation intact.&lt;/P&gt;
&lt;P&gt;I really hope someone can help me shed a light on this. The only answer I seem to be able to find is either to install certificates (not an option in a SaaS solution) or to disable SSL validation, which I'm very hesitant to do.&lt;/P&gt;
&lt;P&gt;Thanks a lot guys &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;/P&gt;</description>
    <pubDate>Wed, 17 Aug 2022 14:40:54 GMT</pubDate>
    <dc:creator>FastTrack</dc:creator>
    <dc:date>2022-08-17T14:40:54Z</dc:date>
    <item>
      <title>How to use SSL validation with HEC?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/How-to-use-SSL-validation-with-HEC/m-p/609763#M105698</link>
      <description>&lt;P&gt;Hi all,&lt;/P&gt;
&lt;P&gt;I'm very new to Splunk, so apologies if the question is common knowledge. I've found a lot of different posts describing the issue - but basically none which actually offers a (for me) viable solution. So I hope you can help me out.&lt;/P&gt;
&lt;P&gt;Basically we have a webhook setup which can POST data upon different events in our software. This setup is serving a lot of different customers for various needs - not just one customers' Splunk setup. I've set up a HTTP Event Collector endpoint in my Splunk Cloud to receive the data, and created a webhook to send data to my Splunk HEC endpoint.&lt;/P&gt;
&lt;P&gt;However - I can't send any data to the endpoint without disabling SSL validation, because Splunk uses self-signed certificates. I've seen a lot of different posts on how you just need to disable SSL validation, but that's not a great option in a production environment with a lot of different customers.&lt;/P&gt;
&lt;P&gt;So my question is:&amp;nbsp;&lt;/P&gt;
&lt;P&gt;- How would I setup Splunk so that we can send HTTPS requests to our different customers Splunk endpoints without disabling SSL validation?&lt;/P&gt;
&lt;P&gt;As we serve a lot of different customers, we can't have a per-customer certificate setup. We basically just need to be able to call the public HTTPS endpoint in splunk - preferably with SSL validation intact.&lt;/P&gt;
&lt;P&gt;I really hope someone can help me shed a light on this. The only answer I seem to be able to find is either to install certificates (not an option in a SaaS solution) or to disable SSL validation, which I'm very hesitant to do.&lt;/P&gt;
&lt;P&gt;Thanks a lot guys &lt;span class="lia-unicode-emoji" title=":slightly_smiling_face:"&gt;🙂&lt;/span&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 17 Aug 2022 14:40:54 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/How-to-use-SSL-validation-with-HEC/m-p/609763#M105698</guid>
      <dc:creator>FastTrack</dc:creator>
      <dc:date>2022-08-17T14:40:54Z</dc:date>
    </item>
  </channel>
</rss>

