Getting Data In

How to configure Splunk forwarder to encrypt data?

plenderj
Engager

I have recently (yesterday) installed a new instance of Splunk on a VM.
Another VM in a separate datacentre has the Splunk forwarder installed on it.

Whilst the data being indexed isn't highly sensitive, I'd like to have the data encrypted anyway as it's passing over the public internet.

What's the minimum/easiest/quickest way to get encryption up and running?

Labels (1)
0 Karma
1 Solution

MuS
Legend

Hi plenderj,

enable SSL communication between universal forwarder and indexer is the fastest and easiest way. Read more about it in the docs about About securing data from forwarders.

hope this helps ...

cheers, MuS

View solution in original post

MuS
Legend

Hi plenderj,

enable SSL communication between universal forwarder and indexer is the fastest and easiest way. Read more about it in the docs about About securing data from forwarders.

hope this helps ...

cheers, MuS

VatsalJagani
SplunkTrust
SplunkTrust

Update 2023-06-09

 

The latest link for data encryption from forwarder to indexer - https://docs.splunk.com/Documentation/Splunk/latest/Security/ConfigureSplunkforwardingtousesignedcer... 

0 Karma

johnebgood
Path Finder

MuS
Legend

Thanks for the new link. Over time and version changes, some Splunk doc links stopped working.

0 Karma

plenderj
Engager

Works like a charm 🙂

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...