Hi there all.
I am in a bit of a catch 22. I have a process that cannot send data over HTTPS data because the HEC is using a self-signed certificate and the process I am using will not allow that. However, I cannot send HTTP because the HEC is set for HTTPS input and so is getting rejected by the Splunk HEC.
Is there a way to have the HEC collect BOTH HTTP and HTTPS and set the requirement based on the input?
That was my thoughts as well. However, I know that there are ways to "tweak" inputs in Splunk and was just wanting to make sure that there was no other way to accomplish this.
I will let this question set for a few days and see if there are other thoughts.
At least some LBs (like F5) can listen both http and https and do a redirect to wanted port. That way you can use both on same address before real HEC input and use only one protocol between LB/VIP and HEC-listener(s).