Hi,
I have a request from a customer to encrypt their feed to Splunk. The doc looks pretty simple, but after reading it, my impression is that all forwarders would then have to be configured to use encryption. Is that correct?
You can create a non-SSL listening port alongside an SSL port without any problem. Leave your default port 9997 as is and create a new port 9998 (for example) configured to use SSL (Settings->Forwarding and receiving). Fully supported, no need for trickery. 😉
You can create a non-SSL listening port alongside an SSL port without any problem. Leave your default port 9997 as is and create a new port 9998 (for example) configured to use SSL (Settings->Forwarding and receiving). Fully supported, no need for trickery. 😉
Nice! I'll try that. Thanks.