Splunk Forwarder SSL Configuration

jwelters · ‎06-20-2013

Currently we are using a basic splunk configuration for the outputs.conf on all of our clients.

[tcpout:indexerGroup]
server=server1:8182,server2:8182,server3:8182

We are working on enabling SSL which can ba accomplisehd by doing :
[tcpout]
defaultGroup = splunkssl

[tcpout:splunkssl]
compressed = true
server = server3:9998
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = $1$iYxeTtEVRyXQ
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false

The above for SSL accomplishes this for one servers, we need to have the same functionality as current. How do I enable SSL forwarding in a round robin manner as we are using today ?

In addition is it possible to use a single port in splunk to listen for both SSL and non SSL connections ?

adrianathome · ‎06-21-2013

You can have a server=server1:1234,server2:1234 line. To do the round robin autoLB=true.

jwelters · ‎06-24-2013

Yes, but how do I do that with SSL enabled ? We already have that working without SSL.

Splunk Forwarder SSL Configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Join the Conversation

Splunk Forwarder SSL Configuration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series May & June: From Network Visibility to Service Intelligence

Global Splunk User Group Events: May + June 2026

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas