Reporting

forward data to non-splunk system over tcp using ssl

monzy
Communicator

i would like to forward to data out of a splunk indexer to a non-splunk system. is there a way to do this via tcp using ssl ? the 'Forward data to third-party systems' page does not mention ssl: http://docs.splunk.com/Documentation/Splunk/6.0/Forwarding/Forwarddatatothird-partysystemsd

0 Karma

jtrucks
Splunk Employee
Splunk Employee

Looking at the outputs.conf, documentation, there are several sections for SSL config, and as long as you set:

sendCookedData = false

… it should work. At a minimum, as indicated in the quote from the outputs.conf page below, you must set sslCertPath which will enable SSL on that connection.

#----SSL Settings----

# To set up SSL on the forwarder, set the following attribute/value pairs.
# If you want to use SSL for authentication, add a stanza for each receiver that must be 
# certified.

sslCertPath = <path>
* If specified, this connection will use SSL.  
* This is the path to the client certificate.
* There is no default value.
--
Jesse Trucks
Minister of Magic
Get Updates on the Splunk Community!

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...

Platform Highlights | January 2023 Newsletter

 January 2023Peace on Earth and Peace of Mind With Business ResilienceAll organizations can start the new year ...