I have inherited a Splunk Enterprise and FIPS is on for about half of the environment. My experience has always been negative with FIPS compliance so I am interested in disabling it. Preliminary checks show it is on for my search heads and LM, but not for the Indexer Cluster, CM or DS. I am also reasonably certain it is not on for most if not all of my forwarders. I had to disable it on a heavy forwarder to get some applications working which is a known and documented issue. The application of note was e-streamer which is most likely due to the firepower also not being FIPS enabled. I know Splunk documentation says you can only enable Splunk in FIPS mode from install, but there is nothing about disabling FIPS mode. Any insight, experience or advice would be appreciated.
... View more