Re: Splunk Forwarder SSL Configuration

jwelters · ‎06-20-2013

Currently we are using a basic splunk configuration for the outputs.conf on all of our clients.

[tcpout:indexerGroup]
server=server1:8182,server2:8182,server3:8182

We are working on enabling SSL which can ba accomplisehd by doing :
[tcpout]
defaultGroup = splunkssl

[tcpout:splunkssl]
compressed = true
server = server3:9998
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = $1$iYxeTtEVRyXQ
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false

The above for SSL accomplishes this for one servers, we need to have the same functionality as current. How do I enable SSL forwarding in a round robin manner as we are using today ?

In addition is it possible to use a single port in splunk to listen for both SSL and non SSL connections ?

adrianathome · ‎06-21-2013

You can have a server=server1:1234,server2:1234 line. To do the round robin autoLB=true.

jwelters · ‎06-24-2013

Yes, but how do I do that with SSL enabled ? We already have that working without SSL.

Splunk Forwarder SSL Configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation