Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a way to configure HEC to receive both HTTP and HTTPS inputs

mettomm
Explorer
‎02-22-2022 06:21 AM

Hi there all.
I am in a bit of a catch 22.  I have a process that cannot send data over HTTPS data because the HEC is using a self-signed certificate and the process I am using will not allow that.  However, I cannot send HTTP because the HEC is set for HTTPS input and so is getting rejected by the Splunk HEC.

Is there a way to have the HEC collect BOTH HTTP and HTTPS and set the requirement based on the input?

Thanks

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mettomm
Explorer
‎02-28-2022 04:55 AM

Thanks for the information and the confirmation.  

We are looking at a second Heavy Forwarder with HEC set to receive HTTP.

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

mettomm
Explorer
‎02-28-2022 04:55 AM

Thanks for the information and the confirmation.  

We are looking at a second Heavy Forwarder with HEC set to receive HTTP.

 

0 Karma
Reply
Solved! Jump to solution

mettomm
Explorer
‎02-22-2022 06:52 AM

Thanks.
That was my thoughts as well.  However, I  know that there are ways to "tweak" inputs in Splunk and was just wanting to make sure that there was no other way to accomplish this.  

I will let this question set for a few days and see if there are other thoughts.

Thanks

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎02-22-2022 07:00 AM

At least some LBs (like F5) can listen both http and https and do a redirect to wanted port. That way you can use both on same address before real HEC input and use only one protocol between LB/VIP and HEC-listener(s).

Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎02-22-2022 06:34 AM

Splunk HEC is enabled per instance and it can either be HTTP or HTTPS. Having a separate Heavy Fwd for HTTP and HTTS would help here.

Reply
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

The Splunk Community is a powerful network of users, educators, and organizations working together to tackle ...