Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to configure HEC to receive both HTTP and HTTPS inputs

mettomm
Explorer
‎02-22-2022 06:21 AM

Hi there all.
I am in a bit of a catch 22.  I have a process that cannot send data over HTTPS data because the HEC is using a self-signed certificate and the process I am using will not allow that.  However, I cannot send HTTP because the HEC is set for HTTPS input and so is getting rejected by the Splunk HEC.

Is there a way to have the HEC collect BOTH HTTP and HTTPS and set the requirement based on the input?

Thanks

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mettomm
Explorer
‎02-28-2022 04:55 AM

Thanks for the information and the confirmation.  

We are looking at a second Heavy Forwarder with HEC set to receive HTTP.

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mettomm
Explorer
‎02-28-2022 04:55 AM

Thanks for the information and the confirmation.  

We are looking at a second Heavy Forwarder with HEC set to receive HTTP.

 

0 Karma
Reply
Solved! Jump to solution

mettomm
Explorer
‎02-22-2022 06:52 AM

Thanks.
That was my thoughts as well.  However, I  know that there are ways to "tweak" inputs in Splunk and was just wanting to make sure that there was no other way to accomplish this.  

I will let this question set for a few days and see if there are other thoughts.

Thanks

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎02-22-2022 07:00 AM

At least some LBs (like F5) can listen both http and https and do a redirect to wanted port. That way you can use both on same address before real HEC input and use only one protocol between LB/VIP and HEC-listener(s).

Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎02-22-2022 06:34 AM

Splunk HEC is enabled per instance and it can either be HTTP or HTTPS. Having a separate Heavy Fwd for HTTP and HTTS would help here.

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...