Setup SSL for HEC (6.5.2)


Hi there,

I have setup my SSL for port 8000. Now I want to setup CORS and SSL for HEC.

I have used Let's Encrypt and have the following files:

In the following folder:


I have the following in my input.conf in directory (/opt/splunk/etc/apps/splunk_httpinput/local)

disabled = 0
sourcetype = _json
enableSSL = 1

disabled = 0
index = main
indexes = main
token =

In the documentation I cannot understand what I have to add exactly to the http-stanza.

Thanks so much for the help.

Tags (2)
0 Karma

Path Finder

That's our set-up

enableSSL = 1
sslPassword = $1$IA1A1A1A1
privKeyPath = /opt/splunk/etc/auth/splunkweb/
serverCert = /opt/splunk/etc/auth/splunkweb/

0 Karma


Found your question, had the same. Posted a solution here:

0 Karma


Set up and use HTTP Event Collector

Via the GUI:

  1. To have HEC listen and communicate over HTTPS rather than HTTP, click the Enable SSL checkbox.

Or inputs.conf

[http] enableSSL = [0|1]
* Whether or not to use SSL for the event collector endpoint server.
* HEC shares SSL settings with the Splunk management server and cannot
have 'enableSSL' set to true when
the Splunk management server has SSL
* Defaults to 0 (enabled).

It is on by default...

0 Karma
Get Updates on the Splunk Community!

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...