When you configure the secure mode for transporting data transport from the a source to the a Splunk destination, verify and ensure that Splunk is configured as discussed described in this section. For complete and detailed information on deploying Splunk deployment, refer to the documentation for Splunk documentation.
To enable transport of data in the secure mode, complete the following on the Splunk server:
- In the inputs.conf file, add the following lines:
[splunktcp-ssl:9997]compressed = truedisabled = 0[SSL]serverCert = /opt/splunk/etc/auth/server.pemsslPassword = <certificate_passphrase>==requireClientCert = true - In the server.conf file, add the following lines:
[sslConfig]sslPassword = <certificate_passphrase>==sslRootCAPath = /opt/splunk/etc/auth/cacert.pem - Restart the Splunk server.
...
| title | Note |
|---|
...
To switch from the secure mode to
...
insecure
...
,
...
do the following:
...
- Log in to the Infoblox Portal.
- On the Splunk Destination Configuration
...
- screen, go to the Splunk Details section
...
- .
- Select Insecure Mode, and save the destination. For more information,
...
- see Setting Up Splunk.
...
- On the Splunk server, in the input.conf and server.conf files, remove the lines
...
- added to enable secure transport
...
- .
- Restart the server.