forward data to non-splunk system over tcp using ssl


i would like to forward to data out of a splunk indexer to a non-splunk system. is there a way to do this via tcp using ssl ? the 'Forward data to third-party systems' page does not mention ssl:

0 Karma

Splunk Employee
Splunk Employee

Looking at the outputs.conf, documentation, there are several sections for SSL config, and as long as you set:

sendCookedData = false

… it should work. At a minimum, as indicated in the quote from the outputs.conf page below, you must set sslCertPath which will enable SSL on that connection.

#----SSL Settings----

# To set up SSL on the forwarder, set the following attribute/value pairs.
# If you want to use SSL for authentication, add a stanza for each receiver that must be 
# certified.

sslCertPath = <path>
* If specified, this connection will use SSL.  
* This is the path to the client certificate.
* There is no default value.
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!