No, not out of the box. But, you can pretty easily make it able to.

There are two approaches you could take: either use a scripted input (http://docs.splunk.com/Documentation/Splunk/5.0.3/AdvancedDev/ScriptedInputsIntro ) where you write your own script that takes care of extracting the encrypted data into plain text before passing it along to Splunk, or setup a regular file/directory monitor input and tell Splunk how it should extract the proper contents via the unarchive_cmd setting in props.conf (http://docs.splunk.com/Documentation/Splunk/latest/admin/Propsconf ). More information on this for a similar scenario is available at the end of this blog post: http://blogs.splunk.com/2011/07/19/the-naughty-bits-how-to-splunk-binary-logfiles/