uberAgent Support

Enable HTTPS for Splunk HTTP Event Collector

In this walkthrough, we demonstrate how to enable HTTPS to send SSL/TLS encrypted data to Splunk's HTTP Event Collector.

Enable HTTP Event Collector

Please follow these steps to enable and configure HTTP Event Collector.

Enable HTTPS

  • Open the Splunk web console
  • From the system bar, click Settings -> Data Inputs
  • On the left side of the page, click HTTP Event Collector
  • In the upper right corner, click Global Settings. The following dialog comes up:

  • Click Enable SSL
  • Click Save

Request Your Server Certificate

Follow the Splunk documentation to request your own server certificate.

Install Your Server Certificate

After you received a valid server certificate you have to reconfigure the HTTP Event Collector on your designated Splunk server following these steps:

  • Navigate to the directory $SPLUNK_HOME\etc\apps\splunk_httpinput\local
  • Within the local directory add the following content to the inputs.conf in the [http] stanza:
[http]
enableSSL = 1
sslVersions = *,-ssl2
allowSslCompression = true
allowSslRenegotiation = true
caCertFile = <name of your .pem file>
caPath = <path to your certificate files, e.g. $SPLUNK_HOME\etc\auth\mycerts>
sslKeysfile = <name of your .key file>
sslKeysfilePassword = <private key password>
  • Restart the splunkd service

 

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.