I have configured the AWS Add-On for Splunk and want to ingest logs from an S3 bucket by following the Splunk recommended design pattern as per http://docs.splunk.com/Documentation/AddOns/released/AWS/SQS-basedS3.
I have configured everything as specified however encountered a problem where it is not working. After looking into things it appears that Splunk is making the call to our S3 bucket via HTTP and not HTTPS. Our bucket policy states that only HTTPS connections can be made to it, as we have an organisation policy that states data must be encrypted in transit (which is fairly standard within the industry).
We have looked into all of the configurable variables within the Splunk console and cannot find a field where the get method for the SQS-based S3 can be changed to HTTPS. I’m fairly confident that Splunk would be able to make its requests via HTTPS, however we just can’t see where it can be configured. Please can you confirm if we are able to enforce https api calls?
Thanks in advance
