Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can I enable SSL for a universal forwarder (public IP), but not for a local universal forwarder (private IP)?

arbabnazar
New Member
‎02-23-2016 08:08 AM

Hi,

Can I enable the SSL for the universal forwarder that will access it through the public ip, but not the forwarder that accesses Splunk from its private ip? Is it possible?

Thanks,

0 Karma
Reply

lguinn2
Legend
‎02-24-2016 05:41 PM

Yes - but you need to think about the indexers as well. On the indexer, you can have a receiving port that uses SSL. You can also have a receiving port that does not - but you can't have a single port that does both. So set up 2 ports: let's say 9995 for SSL and 9996 for non-SSL. Of course, you have to do the SSL setup for port 9995.

Then on the forwarder, you can have more than one stanza in outputs.conf - when you are sending to port 9995, you have to specify the SSL options. When you forward to port 9996, you don't need those options.

There is more information here:
Configure Splunkforwarding to use signed certificates
Splunk wiki article on using default certs

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...