Use Certificate Assist
Certificate Assist gives you insights into the status of the transport layer security (TLS) certificates that you have installed on your Splunk Enterprise instances.
When Certificate Assist loads, the page appears similar to the main Assist page, with indicator severity cards along the top of the page, an overview pane that shows the list of certificates, and a detail pane that shows information on the certificate you select. The name of the pane changes depending on which indicator card you click.
Types of certificates that Splunk Assist collects
Splunk Assist collects indicators on the following types of certificates:
- Indexers and forwarders: Certificates that secure the management port
- Search heads: Certificates that secure the management and web server ports
Splunk Assist collects indicators on certificates on forwarders and indexers over a period of the previous 30 days. For search heads, Splunk Assist collects indicators on certificates in real time. When you replace your certificates, you might see the old certificates for forwarders and indexers in Certificate Assist for up to 30 days after you have renewed them.
Review and filter indicator statuses
The indicator tabs filter the list of certificates as follows:
- All certificates.: Shows all nodes for which Splunk Assist has recorded certificate information.
- Critical. Shows nodes whose certificates expire within 7 days of the current date, or that have already expired.
- Warning. Shows nodes whose certificates expire within 30 days of the current date.
- Conforming. Shows nodes whose certificates are valid for at least 30 days from the current date.
You can filter nodes by entering text into the "Filter nodes" text box within the overview pane. You can also filter by scope by selecting the All scopes drop-down list box next to the filter text field.
To see more information about a node, click the node. The detail pane updates to provide a summary about the node certificate. You can then act on making updates as Certificate Assist advises.
Troubleshoot problems with Certificate Assist
If you encounter problems where Certificate Assist does not display all information about your certificates, reference the following table for common problems and their solutions.
Problem | Solution |
---|---|
No certificate indicators appear in the Availability category |
|
Only some indexers and forwarders report certificate indicators |
|
Certificate indicators appear to be stale | Splunk Assist logs certificate data every 24 hours from the time that indexers and forwarders start. If you want to see CertificateData logs, set the time range for your search to at least 24 hours. For search heads, Splunk Assist collects information on Splunk Web and management port certificates in real time.
|
Use App Assist | Use Config Assist |
This documentation applies to the following versions of Splunk® Enterprise: 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2
Feedback submitted, thanks!