I'm trying to create a token in the HttpEventCollector input and I get the error: "A token cannot have individual configuration for sslVersions".
I am required to only allow splunk to use tls1.1 or tls1.2 for ssl. Therefore, I have the settings below. Is there a way a way around this?
inputs.conf:
[default]
sslVersion=tls1.1,tls1.2
server.conf:
[sslConfig]
sslVersion=tls1.1,tls1.2
web.conf:
[settings]
sslVersions=tsl1.1,tls1.2
The token I'm trying to create has these values:
Input Type: Token
Name: accm
source name override: N/a
Description: N/A
Enable indexer acknowledgements: yes
output group: N/A
Allowed indexes: accm_idx
source type: accm-json
Hello,
Please remove sslVersion=tls1.1,tls1.2
from [default]
section of your inputs.conf
file and instead put it under [SSL]
section of your inputs.conf
file followed by a Splunk service restart.
inputs.conf:
[SSL]
sslVersion=tls1.1,tls1.2
The issue exists because when you put sslVersion
under [default]
stanza of your inputs.conf
file, it gets copied into each HTTP Event Collector Token stanza ( http://<INPUT-NAME>;
). This should not be happening and is most likely a bug. When specifying sslVersion
under [default]
stanza of your inputs.conf
, the intended/desired behavior should be the same as when specifying sslVersion
under the [http]
stanza of your inputs.conf
file.