Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can SSL be configured when sending data to Universal Forwarder through TCP connection from an external source?

ankithreddy777
Contributor
‎03-17-2017 01:36 PM

Hi,
Data is sent to Splunk Universal Forwarder (UF) through the TCP connection. From UF, data is forwarded to indexers. As we know SSL is supported by Splunk when Data is sent to Indexers. But can SSL be configured when sending data to Splunk UF through TCP connection from an external source?

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎03-17-2017 03:24 PM

As per Get data from TCP and UDP ports refer to :

Configure a TCP input over SSL

[tcp-ssl:]

Use this stanza type if you receive
encrypted, unparsed data from a
forwarder or third-party system. Set
to the port on which the
forwarder or third-party system is
sending unparsed, encrypted data.

So yes the universal forwarder can use a tcp-ssl stanza to receive encrypted SSL traffic as a listener...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...