
Integrating our OpenTelemetry Collector with the Splunk HTTP Event Collector (HEC)

sc_admin_prachi
Observer

We are currently integrating our OpenTelemetry Collector with the Splunk HTTP Event Collector (HEC) at the endpoint:

https://prd-p-1zjgq.splunkcloud.com:8088

During TLS validation, we encounter the following issue:

  • The server presents a certificate with Common Name (CN): SplunkServerDefaultCert

  • This CN does not match the expected hostname prd-p-1zjgq.splunkcloud.com

  • Despite trusting the SplunkCommonCA root certificate, TLS hostname verification fails with:

 
certificate subject name 'SplunkServerDefaultCert' does not match target host name 'prd-p-1zjgq.splunkcloud.com'
 

This leads to failed export attempts from the collector due to strict hostname validation.

Could you please advise:

  1. Is the current certificate with CN SplunkServerDefaultCert expected behavior for this Splunk Cloud HEC endpoint?

  2. If not, can you provide or generate a certificate with the correct hostname (CN or SAN) matching prd-p-1zjgq.splunkcloud.com for production use?

  3. If this is a known limitation, what is the recommended approach to securely connect to the HEC endpoint and avoid these TLS validation errors?

We want to ensure our integration is secure and compliant with TLS best practices, avoiding the need to disable hostname verification or skip certificate validation.

Thank you for your assistance.

0 Karma

livehybrid
SplunkTrust

Hi @sc_admin_prachi 

To cut a long story short - Yes, this is expected in a Splunk Cloud *Trial* environment. With a full production cloud stack you do get public trusted SSL certs (also the HEC is behind a load balancer and on port 443 for a non-trial stack).

For more information there is another answer with a similar issue at https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Cloud-Trial-HEC-HTTP-SSL-certificate-inv...

To overcome this you will need to disable SSL validation whilst working with the Splunk Cloud trial. 

The only other way I know to overcome this is to speak to Splunk Sales (https://www.splunk.com/en_us/about-splunk/contact-us.html) and let them know that the non-trusted cert on the trial stack is causing issues and see if they can create a proof-of-concept environment for you to work with. 


0 Karma
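The failure described in the question, reproduced offline as an added Go example (not part of the original posts, and not Splunk or OpenTelemetry code): trusting the issuing CA and matching the hostname are two separate checks, so a trusted chain does not rescue a certificate that names the wrong host. The CA and leaf below are constructed test certificates; only the CN `SplunkServerDefaultCert` and the hostname come from the thread. Go's `crypto/x509` matches SAN entries only and ignores the CN.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const host = "prd-p-1zjgq.splunkcloud.com" // hostname from the post
// issue builds a constructed test certificate signed by parent, or a self-signed CA when parent is nil.
func issue(cn string, sans []string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     sans, // nil means the certificate carries no SAN extension
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
	}
	if parent == nil { // root CA: self-signed and allowed to sign other certificates
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// check verifies a leaf with the given SANs twice: chain to the trusted CA only, then chain plus hostname.
func check(sans []string) (chainErr, hostErr error) {
	ca, caKey := issue("Constructed Test CA", nil, nil, nil)
	leaf, _ := issue("SplunkServerDefaultCert", sans, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, chainErr = leaf.Verify(x509.VerifyOptions{Roots: roots})
	_, hostErr = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return
}

func main() {
	fmt.Println(check(nil))            // CN only, as in the post: chain passes, hostname check fails
	fmt.Println(check([]string{host})) // same CN plus a matching SAN: both checks pass
}
```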