Getting Data In

Why don't UFs parse data when docs say splunktcp-ssl is only for "parsed" data to indexers?

dokaas_2
Path Finder

According to the Splunk documentation on the attribute [splunktcp-ssl:<port>] it states that:

 * Use this stanza type if you are receiving encrypted, parsed data from a forwarder."

UFs cook, but do not 'parse' the data.  Thus, is this effective to send encrypted data from the UF to indexers?

Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

I think this may be a place where the documentation needs improvement.  Splunk Cloud uses SSL exclusively with UFs so you should be able to, also.

---
If this reply helps you, Karma would be appreciated.

ChrisG
Splunk Employee
Splunk Employee

Please submit feedback using the form at the bottom of the documentation page you are looking at. That creates a ticket for the doc team and we will follow up, thank you!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...