Getting Data In

How to use SSL validation with HEC?

FastTrack
Observer

Hi all,

I'm very new to Splunk, so apologies if the question is common knowledge. I've found a lot of different posts describing the issue - but basically none which actually offers a (for me) viable solution. So I hope you can help me out.

Basically we have a webhook setup which can POST data upon different events in our software. This setup is serving a lot of different customers for various needs - not just one customers' Splunk setup. I've set up a HTTP Event Collector endpoint in my Splunk Cloud to receive the data, and created a webhook to send data to my Splunk HEC endpoint.

However - I can't send any data to the endpoint without disabling SSL validation, because Splunk uses self-signed certificates. I've seen a lot of different posts on how you just need to disable SSL validation, but that's not a great option in a production environment with a lot of different customers.

So my question is: 

- How would I setup Splunk so that we can send HTTPS requests to our different customers Splunk endpoints without disabling SSL validation?

As we serve a lot of different customers, we can't have a per-customer certificate setup. We basically just need to be able to call the public HTTPS endpoint in splunk - preferably with SSL validation intact.

I really hope someone can help me shed a light on this. The only answer I seem to be able to find is either to install certificates (not an option in a SaaS solution) or to disable SSL validation, which I'm very hesitant to do.

Thanks a lot guys 🙂

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...