Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Setup SSL for HEC (6.5.2)

JosIJntema
Explorer
‎03-26-2017 11:49 PM

Hi there,

I have setup my SSL for port 8000. Now I want to setup CORS and SSL for HEC.

I have used Let's Encrypt and have the following files:
cert.pem
fullchain.pem
privkey.pem
chain.pem

In the following folder:

/opt/splunk/etc/auth/analyticsimplementatie

I have the following in my input.conf in directory (/opt/splunk/etc/apps/splunk_httpinput/local)

[http]
disabled = 0
sourcetype = _json
enableSSL = 1

[http://Test]
disabled = 0
index = main
indexes = main
token =

In the documentation I cannot understand what I have to add exactly to the http-stanza.

Thanks so much for the help.

Tags (2)
0 Karma
Reply

ilyaresh
Path Finder
‎11-08-2018 11:28 AM

That's our set-up

[http]
enableSSL = 1
sslPassword = $1$IA1A1A1A1
privKeyPath = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.key
serverCert = /opt/splunk/etc/auth/splunkweb/hec.mydomain.com.pem

0 Karma
Reply

ischoenmaker
Explorer
‎10-18-2018 04:38 AM

Found your question, had the same. Posted a solution here:
answers.splunk.com/answers/462131/securing-http-event-collector.html

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎04-01-2017 03:57 PM

Set up and use HTTP Event Collector

Via the GUI:

  1. To have HEC listen and communicate over HTTPS rather than HTTP, click the Enable SSL checkbox.

Or inputs.conf

[http] enableSSL = [0|1]
* Whether or not to use SSL for the event collector endpoint server.
* HEC shares SSL settings with the Splunk management server and cannot
have 'enableSSL' set to true when
the Splunk management server has SSL
disabled.
* Defaults to 0 (enabled).

It is on by default...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...