When you configure secure mode for data transport from the source to the Splunk destination, verify and ensure that Splunk is configured as discussed in this section. For complete and detailed information on Splunk deployment, refer to the Splunk documentation.
To enable transport of data in secure mode, complete the following on the Splunk server:
- In the inputs.conf file, add the following lines:
[splunktcp-ssl:9997]compressed = truedisabled = 0[SSL]serverCert = /opt/splunk/etc/auth/server.pemsslPassword = <certificate_passphrase>==requireClientCert = true - In the server.conf file, add the following lines:
[sslConfig]sslPassword = <certificate_passphrase>==sslRootCAPath = /opt/splunk/etc/auth/cacert.pem - Restart the Splunk server.
Note
If you need to switch from the secure mode to the insecure mode, complete the following:
In the Cloud Service Portal: On the Splunk Destination Configuration screen -> Splunk Details section, select Insecure Mode and save the destination. For more information, see Setting Up Splunk. Then, on the Splunk server, in the input.conf and server.conf files, remove the lines that were added to enable secure transport, and then restart the Splunk server.