Hi all,
I'm very new to Splunk, so apologies if the question is common knowledge. I've found a lot of different posts describing the issue - but basically none which actually offers a (for me) viable solution. So I hope you can help me out.
Basically we have a webhook setup which can POST data upon different events in our software. This setup is serving a lot of different customers for various needs - not just one customers' Splunk setup. I've set up a HTTP Event Collector endpoint in my Splunk Cloud to receive the data, and created a webhook to send data to my Splunk HEC endpoint.
However - I can't send any data to the endpoint without disabling SSL validation, because Splunk uses self-signed certificates. I've seen a lot of different posts on how you just need to disable SSL validation, but that's not a great option in a production environment with a lot of different customers.
So my question is:
- How would I setup Splunk so that we can send HTTPS requests to our different customers Splunk endpoints without disabling SSL validation?
As we serve a lot of different customers, we can't have a per-customer certificate setup. We basically just need to be able to call the public HTTPS endpoint in splunk - preferably with SSL validation intact.
I really hope someone can help me shed a light on this. The only answer I seem to be able to find is either to install certificates (not an option in a SaaS solution) or to disable SSL validation, which I'm very hesitant to do.
Thanks a lot guys 🙂
