Getting Data In

Is it possible to encrypt traffic between the forwarder and indexer, but store the collected logs in clear text?

New Member

I am using the latest universal forwarder and I enabled SSL encryption. The collected logs stored are encrypted in the indexes path C:\Program Files\Splunk\var\lib\splunk\Index_Name\db, but need to encrypt traffic between the indexer and forwarder only and store log files as is in the indexer server (Clear text).
Is this possible ?


0 Karma

Splunk Employee
Splunk Employee

Not really, the data in splunk is in a particular format (the splunk index/bucket file storage)
so it is not in clear.

You could eventually export the result of search over the data in a "raw" format. But it will not be practical if you want to export all our data all the time.

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...