Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is it Possible to Send Data to Splunk Without SSL Handshake?

rake
Engager
2 weeks ago

Hi,

I’m currently setting up a pipeline to send logs from AWS Kinesis Firehose to Splunk. I'm using Splunk’s Cloud Trial version as the destination endpoint, and my goal is to send data without requiring an SSL handshake.

Here's a summary of my setup:

  • Service: AWS Kinesis Firehose
  • Destination: Splunk Cloud Trail (using Splunk HEC URL)
  • Goal: Send data directly from Firehose to Splunk without SSL validation, if possible.
    "errorCode": "Splunk.SSLHandshake",
    "errorMessage": "Could not connect to the HEC endpoint. Make sure that the certificate and the host are valid."

    To troubleshoot, I also tested sending a record with the following command:

    aws firehose put-record --delivery-stream-name FirehoseSplunkDeliveryStream \
    --record='{"Data":"eyJldmVudCI6eyJrZXkxIjoidmFsdWUxIiwia2V5MiI6InZhbHVlMiJ9fQ=="}'

     The SSL handshake error persists when connecting to the Splunk HEC endpoint.

    Has anyone configured a similar setup, or is there a workaround to disable SSL validation for the Splunk endpoint? I'm new to splunk and just trying it out, any insights or suggestions would be greatly appreciated!

    Thanks!

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sainag_splunk
Splunk Employee
Splunk Employee
2 weeks ago

 Hello @rake This could be the issue because you are on trial version (firehose has another endpoint) .


Deploying this add-on to free trial Splunk Cloud deployments is not supported at this time.

Refer: https://docs.splunk.com/Documentation/AddOns/released/Firehose/Installationoverview


Note: Disabling SSL validation is not recommended for production environments..

If this helps, please Upvote.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sainag_splunk
Splunk Employee
Splunk Employee
2 weeks ago

 Hello @rake This could be the issue because you are on trial version (firehose has another endpoint) .


Deploying this add-on to free trial Splunk Cloud deployments is not supported at this time.

Refer: https://docs.splunk.com/Documentation/AddOns/released/Firehose/Installationoverview


Note: Disabling SSL validation is not recommended for production environments..

If this helps, please Upvote.

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...