i would like to forward to data out of a splunk indexer to a non-splunk system. is there a way to do this via tcp using ssl ? the 'Forward data to third-party systems' page does not mention ssl: http://docs.splunk.com/Documentation/Splunk/6.0/Forwarding/Forwarddatatothird-partysystemsd
Looking at the outputs.conf, documentation, there are several sections for SSL config, and as long as you set:
sendCookedData = false
… it should work. At a minimum, as indicated in the quote from the outputs.conf page below, you must set sslCertPath
which will enable SSL on that connection.
#----SSL Settings----
# To set up SSL on the forwarder, set the following attribute/value pairs.
# If you want to use SSL for authentication, add a stanza for each receiver that must be
# certified.
sslCertPath = <path>
* If specified, this connection will use SSL.
* This is the path to the client certificate.
* There is no default value.