uberAgent 3.7 now supports Splunk’s HTTP Event Collector (via HTTP and HTTPS) in addition to sending to a TCP port.
In this walkthrough we demonstrate how to enable HTTPS to send SSL/TLS encrypted data to your Splunk environment.
Enable HTTP Event Collector
Please follow these steps to enable and configure HTTP Event Collector.
- Open the Splunk web console
- From the system bar, click Settings -> Data Inputs
- On the left side of the page, click HTTP Event Collector
- In the upper right corner, click Global Settings to open the settings dialog
- Click Enable SSL
- Click Save
Request Your Server Certificate
Follow the Splunk documentation to request your own server certificate.
Install Your Server Certificate
After you have received a valid server certificate, reconfigure the HTTP Event Collector on your designated Splunk server by following these steps:
- Navigate to the directory $SPLUNK_HOME\etc\apps\splunk_httpinput\local
- Within the local directory add the following content in the [http] stanza:
enableSSL = 1
sslVersions = *,-ssl2
allowSslCompression = true
allowSslRenegotiation = true
caCertFile = <name of your .pem file>
caPath = <path to your certificate files, e.g. $SPLUNK_HOME\etc\auth\mycerts>
sslKeysfile = <name of your .key file>
sslKeysfilePassword = <private key password>
- Restart the splunkd service
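The stanza above accepts every protocol version except SSLv2 and leaves TLS compression and renegotiation enabled. The following Python check is an added example, not part of the original walkthrough or of uberAgent or Splunk: it expands an sslVersions list according to Splunk's documented rules and reports the settings worth tightening. The function names and the treatment of missing keys as permissive are assumptions of this example.

```python
import configparser

# Constructed sample: the TLS-related keys and values from the stanza above.
SAMPLE = """\
[http]
enableSSL = 1
sslVersions = *,-ssl2
allowSslCompression = true
allowSslRenegotiation = true
"""

# Versions Splunk documents for sslVersions, oldest first (SSLv2 is always disabled).
ALL_VERSIONS = ["ssl3", "tls1.0", "tls1.1", "tls1.2"]
LEGACY = {"ssl3", "tls1.0", "tls1.1"}

def resolve_ssl_versions(spec):
    """Expand sslVersions: '*' = all, 'tls' = every TLS version, '-x' removes x."""
    add, remove = set(), set()
    for token in (t.strip().lower() for t in spec.split(",") if t.strip()):
        name = token.lstrip("-")
        if name == "*":
            group = set(ALL_VERSIONS)
        elif name == "tls":
            group = {v for v in ALL_VERSIONS if v.startswith("tls")}
        else:
            group = {name} & set(ALL_VERSIONS)  # ssl2 and unknown names do nothing
        (remove if token.startswith("-") else add).update(group)
    return [v for v in ALL_VERSIONS if v in add - remove]

def audit_http_stanza(text):
    """Return findings for the [http] stanza; missing keys count as permissive."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written in the .conf file
    cp.read_string(text)
    http = cp["http"]
    findings = []
    if not http.getboolean("enableSSL", fallback=False):
        findings.append("enableSSL is off: events and the HEC token travel in cleartext")
    legacy = [v for v in resolve_ssl_versions(http.get("sslVersions", "*")) if v in LEGACY]
    if legacy:
        findings.append("sslVersions admits " + ", ".join(legacy) + "; prefer tls1.2")
    if http.getboolean("allowSslCompression", fallback=True):
        findings.append("allowSslCompression is on (CRIME-style leakage); set false")
    if http.getboolean("allowSslRenegotiation", fallback=True):
        findings.append("allowSslRenegotiation is on; set false unless clients need it")
    return findings

if __name__ == "__main__":
    for finding in audit_http_stanza(SAMPLE):
        print("WARN:", finding)
```

Confirm that every sender, uberAgent endpoints included, can negotiate TLS 1.2 before restricting sslVersions on a production collector.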