I know that Splunk doesn't support monitoring of encrypted data.
But I want to know what happens when Splunk tries to monitor encrypted archive data,
because I think that there is a possibility that Splunk accidentally monitored encrypted archive data when I configure dir monitoring.
In whatever form (collapsed etc.), does Splunk capture those data?
Are there any effects to performance?
Can I detect monitoring of encrypted data from internal log or other some information?