Getting Data In

Is there a way to configure HEC to receive both HTTP and HTTPS inputs

mettomm
Explorer

Hi there all.
I am in a bit of a catch 22.  I have a process that cannot send data over HTTPS data because the HEC is using a self-signed certificate and the process I am using will not allow that.  However, I cannot send HTTP because the HEC is set for HTTPS input and so is getting rejected by the Splunk HEC.

Is there a way to have the HEC collect BOTH HTTP and HTTPS and set the requirement based on the input?

Thanks

Labels (1)
0 Karma
1 Solution

mettomm
Explorer

Thanks for the information and the confirmation.  

We are looking at a second Heavy Forwarder with HEC set to receive HTTP.

 

View solution in original post

0 Karma

mettomm
Explorer

Thanks for the information and the confirmation.  

We are looking at a second Heavy Forwarder with HEC set to receive HTTP.

 

0 Karma

mettomm
Explorer

Thanks.
That was my thoughts as well.  However, I  know that there are ways to "tweak" inputs in Splunk and was just wanting to make sure that there was no other way to accomplish this.  

I will let this question set for a few days and see if there are other thoughts.

Thanks

0 Karma

isoutamo
SplunkTrust
SplunkTrust

At least some LBs (like F5) can listen both http and https and do a redirect to wanted port. That way you can use both on same address before real HEC input and use only one protocol between LB/VIP and HEC-listener(s).

somesoni2
Revered Legend

Splunk HEC is enabled per instance and it can either be HTTP or HTTPS. Having a separate Heavy Fwd for HTTP and HTTS would help here.

Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...