Admin Manual

 



Encrypted Inputs

This documentation does not apply to the most recent version of Splunk.


You can add encrypted inputs to Splunk. Use this configuration if you want to send data to Splunk from a third-party system. You can encrypt data via SSL and send it to Splunk over a TCP port.

Configure inputs.conf by adding the stanzas described below to the copy in $SPLUNK_HOME/etc/system/local, or in your own custom application directory.

If you want to configure two instances of Splunk to talk to each other, see the section on data distribution in this manual.


Define the TCP port

Add a tcp-ssl stanza to specify which TCP port receives the encrypted data:

[tcp-ssl:PORT]

Set PORT to the port on which your forwarder is sending raw (i.e. uncooked by Splunk), encrypted data.

Encrypt the data with SSL

1. Use the SSL stanza to define the encryption:

[SSL]

2. Provide a path to the server certificate:

serverCert = <path>

3. If there is a server certificate password, specify it:

password = <string>

4. Provide the certificate authority list (root file):

rootCA = <string>

5. Specify whether a client is required to authenticate with a certificate:

requireClientCert = true | false
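
A check for the stanzas described above, added here as an example (not part of the Splunk documentation or product): it parses inputs.conf text and reports an invalid port, a missing [SSL] stanza or serverCert, and a requireClientCert setting that leaves clients unauthenticated. The function name audit_inputs_conf, port 9998, the file paths, the password value and the rule that requireClientCert = true needs rootCA are assumptions of this example.

```python
import configparser

# Constructed sample inputs.conf contents; port, paths and password are placeholders.
WEAK_CONF = """
[tcp-ssl:9998]
[SSL]
serverCert = /path/to/server.pem
requireClientCert = false
"""

STRICT_CONF = """
[tcp-ssl:9998]
[SSL]
serverCert = /path/to/server.pem
password = CHANGE_ME
rootCA = /path/to/cacert.pem
requireClientCert = true
"""

def audit_inputs_conf(text):
    """Return findings for the tcp-ssl and SSL stanzas (hypothetical helper)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case (serverCert, rootCA, ...)
    cp.read_string(text)
    findings = []
    ports = [s.split(":", 1)[1] for s in cp.sections() if s.startswith("tcp-ssl:")]
    if not ports:
        findings.append("no [tcp-ssl:PORT] stanza")
    for port in ports:
        if not (port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(f"[tcp-ssl:{port}]: not a valid TCP port")
    if not cp.has_section("SSL"):
        return findings + ["[SSL] stanza missing"]
    ssl = cp["SSL"]
    if not ssl.get("serverCert", "").strip():
        findings.append("serverCert missing")
    client_auth = ssl.get("requireClientCert", "").strip().lower()
    if client_auth == "true":
        # Example policy: client certificates need a CA list to be checked against.
        if not ssl.get("rootCA", "").strip():
            findings.append("requireClientCert = true but rootCA missing")
    elif client_auth == "false":
        findings.append("requireClientCert = false: clients are not authenticated")
    else:
        findings.append("requireClientCert must be set to true or false")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("strict", STRICT_CONF)):
        print(name, audit_inputs_conf(conf))
```
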

This documentation applies to the following versions of Splunk: 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13, 3.4.14

