Hi,
I'm using Splunk Cloud with an HEC configured via Settings --> Data Inputs --> HTTP Event Collector
I can submit an event via curl
, but when attempting to send via AWS Firehose, it fails with an SSL error.
It appears that the SSL cert installed on the HEC is a self-signed certificate.
How can I get the Splunk Cloud HEC configured with a valid cert?
Hi,
I would recomend you use a Heavy Forwarder as your HEC endpoint, then send your data on to the Splunk Cloud via normal forwarder method.
A ticket would need to be raised with the Splunk Cloud team, to get the Certificate fixed.
If you do this via a heavy forwarder, look through this section of the manual "AboutsecuringyourSplunkconfigurationwithSSL"
If you would like a good presentation to talk you through setting up, this is a simple guide around the SSL certificate. Best Practices Configuration for Splunk SSL
https://docs.splunk.com/Documentation/Splunk/7.1.2/Security/AboutsecuringyourSplunkconfigurationwith...
https://conf.splunk.com/session/2015/conf2015_DWaddle_DefensePointSecurity_deploying_SplunkSSLBestPr...