Getting Data In
Highlighted

Routing received data TO an external HEC via HTTPS?

Explorer

Is it possible to route a stream of data from a heavy forwarder or indexer TO an external non-Splunk HTTPS endpoint (HEC)? We have the requirement to forward off a subset of data to a third-party that has a HEC-equivalent endpoint, but need to do so securely (and be selective about what we send)

Any help greatly appreciated!

0 Karma
Highlighted

Re: Routing received data TO an external HEC via HTTPS?

Path Finder

Hi Beaker77,

Kindly check the below link, it will help you for the same.

http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd

0 Karma
Highlighted

Re: Routing received data TO an external HEC via HTTPS?

Explorer

Hi @abhijeet01 - Thanks for that. Unfortunately this covers only a raw TCP stream or forwarding to a Syslog server, and is restricted to a server:port target as opposed to a HTTPS or REST-based endpoint.

Also, because the endpoint is not Splunk, sendCookedData must be set to false, and (as far as I am aware) this will result in the data being sent in cleartext which is not an option (at minimum we require HTTPS/TLS1.2)

0 Karma