I'm trying to push logs to Splunk using the Splunk HTTP appender in Log4j.
If I disable SSL in the HTTP Event Collector Global Settings, I can push the logs to Splunk successfully, whereas if I enable SSL, I cannot see any logs. Is there some configuration missing as part of my Log4j? Please help.
enableSSL = [0|1]
* Whether or not the HTTP Event Collector uses SSL.
* HEC shares SSL settings with the Splunk management server and cannot have
SSL enabled when the Splunk management server has SSL disabled.
* Default: 1 (enabled).
* The full path to the server certificate PEM format file.
* The same file may also contain a private key.
* The Splunk software automatically generates certificates when it first
* You may replace the auto-generated certificate with your own certificate.
* Default: $SPLUNK_HOME/etc/auth/server.pem.
* The server certificate password.
* Initially set to a plain-text password.
* Upon first use, Splunk software encrypts and rewrites the password.
* Default: "password".
You have to configure the above under the [http://] stanza on the Splunk Enterprise instance where you have enabled HEC.
There is no point in having Splunk internal certificates, as sslPassword is known to all. Try to use 3rd-party certificates.
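A quick audit of the settings discussed above, as an added example that is not part of the original posts or of Splunk's own tooling: it parses inputs.conf text and flags HEC stanzas that disable SSL or still carry the default certificate path or default password quoted in the spec excerpt. The sample file and the stanza name `log4j_app` are constructed, and treating both `[http]` and `[http://...]` as HEC stanzas is an assumption.

```python
import configparser

# Defaults as quoted in the spec excerpt above.
DEFAULT_CERT = "$SPLUNK_HOME/etc/auth/server.pem"
DEFAULT_PASSWORD = "password"

# Constructed sample inputs.conf; names and values are illustrative only.
SAMPLE_CONF = """
[http]
enableSSL = 1
serverCert = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = password

[http://log4j_app]
disabled = 0
"""

def audit_hec_tls(conf_text):
    """Return (stanza, finding) tuples for HEC stanzas in inputs.conf text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep setting names exactly as written
    parser.read_string(conf_text)
    findings = []
    for stanza in parser.sections():
        # Assumption: HEC settings live in [http] or [http://<name>] stanzas.
        if stanza != "http" and not stanza.startswith("http://"):
            continue
        settings = {k: v.strip().strip('"') for k, v in parser[stanza].items()}
        if settings.get("enableSSL") == "0":
            findings.append((stanza, "enableSSL = 0: events and token sent without TLS"))
        if settings.get("serverCert") == DEFAULT_CERT:
            findings.append((stanza, "serverCert is the auto-generated default certificate"))
        # Splunk encrypts and rewrites sslPassword on first use, so this only
        # catches a file that still holds the plain-text default.
        if settings.get("sslPassword") == DEFAULT_PASSWORD:
            findings.append((stanza, "sslPassword is the well-known default"))
    return findings

if __name__ == "__main__":
    for stanza, finding in audit_hec_tls(SAMPLE_CONF):
        print(f"[{stanza}] {finding}")
```

Only values written explicitly in the file are checked; settings inherited from other configuration layers are not resolved here.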