We have a commercial appliance that requires a HEC configuration in Splunk to ingest data. I have configuration the TA and App and the HEC configuration on the search head. But I get no data being ingested. I was told that it requires a valid certificate on the search head in order for this to work. Is this true? In the HEC configuration there is a check box for not using SSL. I've also have run the curl -k command with success using the generated token.
it depends on client if it can use self signed certificates or work without ssl. If valid cert is required you have basically two options to manage it.
Probably the 2nd one is the easiest and quickest solution for you?