Hi Splunkers,

I am trying to encrypt my data in lab to learn this feature. I need apply this feature in my financial customer, who have critical data.
In this case, I am using default splunk certification to test, located in C:\Program Files\Splunk\etc\auth

|| Splunk Server Windows 127.0.0.1:9998 || <---DATA ENCRYPTED--- || Universal Forwarder Windows ||

Universal Forwarder Windows
C:\Program Files\SplunkUniversalForwarder\etc\system\local\outputs.conf
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
compressed = true
requireClientCert = false
server = 127.0.0.1:9998
sslCertPath = C:\Program Files\Splunk\etc\auth\server.pem
sslPassword = password
sslRootCAPath = C:\Program Files\Splunk\etc\auth\cacert.pem

Splunk Server
C:\Program Files\Splunk\etc\apps\search\local\inputs.conf

[splunktcp-ssl:9998]
connection_host = ip
compressed = true

[SSL]
serverCert = C:\Program Files\Splunk\etc\auth\server.pem
rootCA = C:\Program Files\Splunk\etc\auth\cacert.pem
requireClientCert = false
password = password

When I did a search, I didn't see data in my Splunk.

Anyone have any idea ?

Cheers!