Getting Data In

Indexing data through TLS certificate

abhijeetbandre
Engager

Hi,

So I wanted to check some possibilities of indexing data using TLS/SSL certificates.

1. I configured TLS only on the indexer, not on the heavy forwarder and data stopped indexing, but why? I did the same in the opposite direction.

2. Is it possible to configure TLS/SSL certificates on the "universal forwarder" and make a connection with the indexer? Will it work?

3. Can we index data using two different ports? For example 9997 - without TLS and 9998 - with TLS.


richgalloway
SplunkTrust

1.  Both ends must be using the same type of connection.  If the indexer is told to expect TLS then it will reject any non-TLS connection attempts.  Without a connection, data cannot be indexed.

2. Yes, it is possible and is done all the time in Splunk Cloud.

3. Yes, you can.  In fact, TLS and non-TLS connections *must* be on separate ports.

---
If this reply helps you, Karma would be appreciated.
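
The matching rule from answers 1 and 3, as an added example that is not part of the original thread and is not Splunk tooling: a small Python check that reads an indexer's `inputs.conf` and a forwarder's `outputs.conf` and reports every output group whose TLS mode differs from the listener on its target port. The sample stanzas, host name and certificate paths are constructed, and treating `clientCert` or `useSSL = true` as the TLS marker is a simplifying assumption.

```python
import configparser

# Constructed sample configs: host name, cert paths and group names are assumptions.
INDEXER_INPUTS = """
[splunktcp://9997]
[splunktcp-ssl:9998]
[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/indexer.pem
"""
FORWARDER_OUTPUTS = """
[tcpout:plain_group]
server = idx1.example.com:9997
[tcpout:tls_group]
server = idx1.example.com:9998
clientCert = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
[tcpout:broken_group]
server = idx1.example.com:9997
clientCert = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
"""

def _parse(text):
    # "=" is the only delimiter, so stanza names and host:port values keep their ":".
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.read_string(text)
    return cp

def listener_modes(inputs_text):
    """Map each receiving port on the indexer to 'tls' or 'plain'."""
    modes = {}
    for stanza in _parse(inputs_text).sections():
        kind, _, rest = stanza.partition(":")
        if kind in ("splunktcp", "splunktcp-ssl"):
            port = rest.rsplit(":", 1)[-1].lstrip("/")
            modes[port] = "tls" if kind == "splunktcp-ssl" else "plain"
    return modes

def find_mismatches(inputs_text, outputs_text):
    """Return (group, port, forwarder_mode, indexer_mode) for each mismatch."""
    modes, outputs, problems = listener_modes(inputs_text), _parse(outputs_text), []
    for stanza in (s for s in outputs.sections() if s.startswith("tcpout:")):
        sec = outputs[stanza]
        # Simplification (assumption): clientCert or useSSL = true marks the group as TLS.
        fwd_mode = "tls" if "clientCert" in sec or sec.get("useSSL", "").lower() == "true" else "plain"
        for target in filter(None, map(str.strip, sec.get("server", "").split(","))):
            port = target.rsplit(":", 1)[-1]
            idx_mode = modes.get(port, "no listener")
            if idx_mode != fwd_mode:
                problems.append((stanza, port, fwd_mode, idx_mode))
    return problems
```

On the sample input only `tcpout:broken_group` is reported: it offers TLS to port 9997, where the indexer listens without TLS.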