https://community.splunk.com/t5/Getting-Data-In/What-is-S2S-Protocol-Specification/m-p/620430#M106916 <P>The Splunk-to-Splunk protocol is proprietary.&nbsp; There are no public documents about it.</P> Thu, 10 Nov 2022 13:59:18 GMT richgalloway 2022-11-10T13:59:18Z https://community.splunk.com/t5/Getting-Data-In/What-is-S2S-Protocol-Specification/m-p/620372#M106911 <P>Good Morning,</P> <P>I’m looking for the specification of the S2S protocol.</P> <P>We have some trouble with getting splunk uf data through a Palo Alto Firewall.&nbsp;<BR />the firewall has a Application Profile Engine.</P> <P>So it not just looks at layer 4 for IP/Port and Protocol but also certain Aspekts of the packet like headers….</P> <P>There is no predefined profile for splunk S2S so we need to create it, but I can‘t find the docs for Protocol definition.&nbsp;<BR />We are aware of the fact that it is possible to bypass this App engine and do a layer 4 filtering.</P> <P>But it would be the only application in the company to do that and the fact that it would be for a Internet facing service and a security service seams &nbsp;off. 🫣</P> <P>We where adviced to use S2S over HEC for Stability reasons if it does not work out we have to switch but for now we want to try make it work.&nbsp;</P> Thu, 10 Nov 2022 15:39:44 GMT https://community.splunk.com/t5/Getting-Data-In/What-is-S2S-Protocol-Specification/m-p/620372#M106911 florianhh 2022-11-10T15:39:44Z https://community.splunk.com/t5/Getting-Data-In/What-is-S2S-Protocol-Specification/m-p/620430#M106916 <P>The Splunk-to-Splunk protocol is proprietary.&nbsp; There are no public documents about it.</P> Thu, 10 Nov 2022 13:59:18 GMT https://community.splunk.com/t5/Getting-Data-In/What-is-S2S-Protocol-Specification/m-p/620430#M106916 richgalloway 2022-11-10T13:59:18Z