Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

forward data to non-splunk system over tcp using ssl

monzy
Communicator
‎11-09-2013 09:09 PM

i would like to forward to data out of a splunk indexer to a non-splunk system. is there a way to do this via tcp using ssl ? the 'Forward data to third-party systems' page does not mention ssl: http://docs.splunk.com/Documentation/Splunk/6.0/Forwarding/Forwarddatatothird-partysystemsd

0 Karma
Reply

jtrucks
Splunk Employee
Splunk Employee
‎11-11-2013 06:46 AM

Looking at the outputs.conf, documentation, there are several sections for SSL config, and as long as you set:

sendCookedData = false

… it should work. At a minimum, as indicated in the quote from the outputs.conf page below, you must set sslCertPath which will enable SSL on that connection.

#----SSL Settings----

# To set up SSL on the forwarder, set the following attribute/value pairs.
# If you want to use SSL for authentication, add a stanza for each receiver that must be 
# certified.

sslCertPath = <path>
* If specified, this connection will use SSL.  
* This is the path to the client certificate.
* There is no default value.
--
Jesse Trucks
Minister of Magic
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...