Getting Data In

Why don't UFs parse data when docs say splunktcp-ssl is only for "parsed" data to indexers?

Path Finder

According to the Splunk documentation on the attribute [splunktcp-ssl:<port>] it states that:

 * Use this stanza type if you are receiving encrypted, parsed data from a forwarder."

UFs cook, but do not 'parse' the data.  Thus, is this effective to send encrypted data from the UF to indexers?

Labels (1)
0 Karma


I think this may be a place where the documentation needs improvement.  Splunk Cloud uses SSL exclusively with UFs so you should be able to, also.

If this reply helps you, Karma would be appreciated.

Splunk Employee
Splunk Employee

Please submit feedback using the form at the bottom of the documentation page you are looking at. That creates a ticket for the doc team and we will follow up, thank you!

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...