Solved: SSL comms for instrumenting JVM in the cloud

Skins · ‎12-11-2017

How best could this agent be used to instrument a JVM in the cloud ? (AWS) - how could we encrypt the data streamed to an on-prem instance of Splunk ?

via HEC ? we also intend to deploy a UF in the env to collect os (linux metrics etc) can you send the instrumented data to the UF then send that back to the on-prem instance ?

gratzi

Damien_Dallimor · ‎12-11-2017

Re: the JVM Agent...the example configuration file that ships with the agent shows how to use HEC as the transport

Re: forwarding options from a UF , outputs.conf reference is your friend 🙂 So you could forward cooked or uncooked data over TCP back to your on-premise indexers (firewalls permitting of course).

View solution in original post

Damien_Dallimor · ‎12-11-2017

Re: the JVM Agent...the example configuration file that ships with the agent shows how to use HEC as the transport

Re: forwarding options from a UF , outputs.conf reference is your friend 🙂 So you could forward cooked or uncooked data over TCP back to your on-premise indexers (firewalls permitting of course).

Skins · ‎12-11-2017

Thanks Damien - as both provide a solution - which would you use as a preference?

i would go with sending to the UF > index tier as that would require less config, a single data channel, less FW config?

would you concur?

Damien_Dallimor · ‎12-11-2017

I concur , simplest and least moving parts is always best.

SSL comms for instrumenting JVM in the cloud

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann