forward data to non-splunk system over tcp using s...

monzy · ‎11-09-2013

i would like to forward to data out of a splunk indexer to a non-splunk system. is there a way to do this via tcp using ssl ? the 'Forward data to third-party systems' page does not mention ssl: http://docs.splunk.com/Documentation/Splunk/6.0/Forwarding/Forwarddatatothird-partysystemsd

jtrucks · ‎11-11-2013

Looking at the outputs.conf, documentation, there are several sections for SSL config, and as long as you set:

sendCookedData = false

… it should work. At a minimum, as indicated in the quote from the outputs.conf page below, you must set sslCertPath which will enable SSL on that connection.

#----SSL Settings----

# To set up SSL on the forwarder, set the following attribute/value pairs.
# If you want to use SSL for authentication, add a stanza for each receiver that must be 
# certified.

sslCertPath = <path>
* If specified, this connection will use SSL.  
* This is the path to the client certificate.
* There is no default value.

--
Jesse Trucks
Minister of Magic

forward data to non-splunk system over tcp using ssl

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation