The documentation for SDK suggests it is built on SPLUNK REST API, which means it should be HTTPS by default. We have tried using WireShark to check if the messages sent by our c# dotnet application to SPLUNK Indexer were encrypted or not; but we found encryption is not happening. So my question is if we need to force SSL for all incoming connections to the Indexer via some configuration settings. Please assist. Thanks.
By default the splunkd port (8089) that's used for all REST calls will only accept SSL encrypted connections. SSL can be disabled, but that's generally not recommended and is not the default setting. Which port are you seeing this unencrypted traffic on?