Getting Data In
Highlighted

Is it possible to encrypt traffic between the forwarder and indexer, but store the collected logs in clear text?

New Member

I am using the latest universal forwarder and I enabled SSL encryption. The collected logs stored are encrypted in the indexes path C:\Program Files\Splunk\var\lib\splunk\Index_Name\db, but need to encrypt traffic between the indexer and forwarder only and store log files as is in the indexer server (Clear text).
Is this possible ?

Thanks.

0 Karma
Highlighted

Re: Is it possible to encrypt traffic between the forwarder and indexer, but store the collected logs in clear text?

Ultra Champion

Not really, the data in splunk is in a particular format (the splunk index/bucket file storage)
so it is not in clear.

You could eventually export the result of search over the data in a "raw" format. But it will not be practical if you want to export all our data all the time.

0 Karma