Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

When you configure the secure mode for transporting data from a source to a Splunk destination, verify that Splunk is configured as described in this section. For detailed information on deploying Splunk, refer to the documentation for Splunk.

To enable transport of data in the secure mode, complete the following on the Splunk server:

  1. In the inputs.conf file, add the following lines:

    [splunktcp-ssl:9997]
    compressed = true
    disabled = 0

    [SSL]
    serverCert = /opt/splunk/etc/auth/server.pem
    sslPassword = <certificate_passphrase>==
    requireClientCert = true

  2. In the server.conf file, add the following lines:
    [sslConfig]
    sslPassword = <certificate_passphrase>==
    sslRootCAPath = /opt/splunk/etc/auth/cacert.pem

  3. Restart the Splunk server.

To switch from the secure mode to insecure, do the following:

  1. Log in to the Cloud Service Portal.
  2. On the Splunk Destination Configuration screen, go to the Splunk Details section.
  3. Select Insecure Mode, and save the destination. For more information, see Setting Up Splunk.
  4. On the Splunk server, in the input.conf and server.conf files, remove the lines added to enable secure transport.
  5. Restart the server.
  • No labels