we are using Splunk 7.3.4 , wanted to confirm the data indexed is not encrypted by default
Raw data is compressed (see journalCompression in https://docs.splunk.com/Documentation/Splunk/7.3.4/Admin/Indexesconf), but it is not encrypted.
Splunk offers encryption at rest in the Splunk Cloud product.
On-premise solutions would typically use file system or block level encryption.
View solution in original post