Hi there,
I have setup my SSL for port 8000. Now I want to setup CORS and SSL for HEC.
I have used Let's Encrypt and have the following files:
cert.pem
fullchain.pem
privkey.pem
chain.pem
In the following folder:
/opt/splunk/etc/auth/analyticsimplementatie
I have the following in my input.conf in directory (/opt/splunk/etc/apps/splunk_httpinput/local)
[http]
disabled = 0
sourcetype = _json
enableSSL = 1
[http://Test]
disabled = 0
index = main
indexes = main
token =
In the documentation I cannot understand what I have to add exactly to the http-stanza.
Thanks so much for the help.
That's our set-up
[http]
enableSSL = 1
sslPassword = $1$IA1A1A1A1
privKeyPath = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.key
serverCert = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.pem
Found your question, had the same. Posted a solution here:
answers.splunk.com/answers/462131/securing-http-event-collector.html
Set up and use HTTP Event Collector
Via the GUI:
- To have HEC listen and communicate over HTTPS rather than HTTP, click the Enable SSL checkbox.
Or inputs.conf
[http] enableSSL = [0|1]
* Whether or not to use SSL for the event collector endpoint server.
* HEC shares SSL settings with the Splunk management server and cannot
have 'enableSSL' set to true when
the Splunk management server has SSL
disabled.
* Defaults to 0 (enabled).
It is on by default...