Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

integrating our OpenTelemetry Collector with the Splunk HTTP Event Collector (HEC)

sc_admin_prachi
Observer
‎10-07-2025 01:25 AM

We are currently integrating our OpenTelemetry Collector with the Splunk HTTP Event Collector (HEC) at the endpoint:

https://prd-p-1zjgq.splunkcloud.com:8088

During TLS validation, we encounter the following issue:

  • The server presents a certificate with Common Name (CN): SplunkServerDefaultCert

  • This CN does not match the expected hostname prd-p-1zjgq.splunkcloud.com

  • Despite trusting the SplunkCommonCA root certificate, TLS hostname verification fails with:

 
certificate subject name 'SplunkServerDefaultCert' does not match target host name 'prd-p-1zjgq.splunkcloud.com'
 

This leads to failed export attempts from the collector due to strict hostname validation.

Could you please advise:

  1. Is the current certificate with CN SplunkServerDefaultCert expected behavior for this Splunk Cloud HEC endpoint?

  2. If not, can you provide or generate a certificate with the correct hostname (CN or SAN) matching prd-p-1zjgq.splunkcloud.com for production use?

  3. If this is a known limitation, what is the recommended approach to securely connect to the HEC endpoint and avoid these TLS validation errors?

We want to ensure our integration is secure and compliant with TLS best practices, avoiding the need to disable hostname verification or skip certificate validation.

Thank you for your assistance.

Labels (1)
Labels
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎10-07-2025 01:41 AM

Hi @sc_admin_prachi 

To cut a long story short - Yes, this is expected in a Splunk Cloud *Trial* environment. With a full production cloud stack you do get public trusted SSL certs (also the HEC is behind a load balancer and on port 443 for a non-trial stack).

For more information there is another answer with a similar issue at https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-Cloud-Trial-HEC-HTTP-SSL-certificate-inv...

To overcome this you will need to disable SSL validation whilst working with the Splunk Cloud trial. 

The only other way I know to overcome this is to speak to Splunk Sales (https://www.splunk.com/en_us/about-splunk/contact-us.html) and let them know that the non-trusted cert on the trial stack is causing issues and see if they can create a proof-of-concept environment for you to work with. 

🌟 Did this answer help you? If so, please consider:

  • Adding karma to show it was useful
  • Marking it as the solution if it resolved your issue
  • Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...