If you're required to ingest multiple data sources where some are encrypted and some are not, then you can send them to the Heavy Forwarder in their current state and then forward to the indexer cluster via SSL certificates only from the Heavy Forwarder to the Indexer Cluster. This will allow SSl and non-SSL transactions from the data sources to the Heavy Forwarder. Not 100% sure if this is what you're looking for but this is the only method I would recommend involving SSL and non-SSL data sources. As Rich said, all the indexers should have the same configuration for things to run properly. --- If this reply helps you, an upvote would be appreciated.
... View more