Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

integrating our OpenTelemetry Collector with the Splunk HTTP Event Collector (HEC)

sc_admin_prachi
New Member
3 weeks ago

We are currently integrating our OpenTelemetry Collector with the Splunk HTTP Event Collector (HEC) at the endpoint:

https://prd-p-1zjgq.splunkcloud.com:8088

During TLS validation, we encounter the following issue:

  • The server presents a certificate with Common Name (CN): SplunkServerDefaultCert

  • This CN does not match the expected hostname prd-p-1zjgq.splunkcloud.com

  • Despite trusting the SplunkCommonCA root certificate, TLS hostname verification fails with:

 
certificate subject name 'SplunkServerDefaultCert' does not match target host name 'prd-p-1zjgq.splunkcloud.com'
 

This leads to failed export attempts from the collector due to strict hostname validation.

Could you please advise:

  1. Is the current certificate with CN SplunkServerDefaultCert expected behavior for this Splunk Cloud HEC endpoint?

  2. If not, can you provide or generate a certificate with the correct hostname (CN or SAN) matching prd-p-1zjgq.splunkcloud.com for production use?

  3. If this is a known limitation, what is the recommended approach to securely connect to the HEC endpoint and avoid these TLS validation errors?

We want to ensure our integration is secure and compliant with TLS best practices, avoiding the need to disable hostname verification or skip certificate validation.

Thank you for your assistance.

Labels (1)
Labels
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
3 weeks ago

Hi @sc_admin_prachi 

To cut a long story short - Yes, this is expected in a Splunk Cloud *Trial* environment. With a full production cloud stack you do get public trusted SSL certs (also the HEC is behind a load balancer and on port 443 for a non-trial stack).

For more information there is another answer with a similar issue at https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Cloud-Trial-HEC-HTTP-SSL-certificate-inv...

To overcome this you will need to disable SSL validation whilst working with the Splunk Cloud trial. 

The only other way I know to overcome this is to speak to Splunk Sales (https://www.splunk.com/en_us/about-splunk/contact-us.html) and let them know that the non-trusted cert on the trial stack is causing issues and see if they can create a proof-of-concept environment for you to work with. 

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...