Losing splunkforwarders / deployment server connection if any certificate...
Hello, if default server.pem on the forwarders expires, do you know if we keep connection with the deployment server (which also hosts management console, cluster master, license manager...) and so be...
View ArticleSSL connection between forwarder and indexer fails when password less...
Hi, In the SSL/TLS world, it is not mandatory to have passwords for the private key. However in case of Splunk the SSL connection between forwarder and indexer fails when password less certificates are...
View ArticleWhy is the SSL connection between forwarder and indexer fails when password...
Hi, In the SSL/TLS world, it is not mandatory to have passwords for the private key. However, in case of Splunk, the SSL connection between forwarder and indexer fails when password less certificates...
View ArticleWhy am I unable to connect to IMAP server with IMAP Mailbox tool?
I am trying to index a mailbox on Dovecot IMAP server, but running into some SSL errors. I am able to connect to it from a mail client through port 143, using "STARTTLS". But I am not sure what to use...
View ArticleHow to configure a Log4j2 Socket Appender with a TCP-SSL Appender?
I am planning to configure a Log4j2 Socket Appender with a TCP-SSL Appender. Here is the configuration I see in Log4j2 website. In this config, what do the Keystore and TrustStore files contain? I...
View ArticleStuck in installing: SSL_ERROR_RX_RECORD_TOO_LONG after fresh install
I choose the tgz package as I do not have root permission on the host I want to run splunk on. After bin/splunk start I can see: The Splunk web interface is at http://my.do.main:8000 When I try to...
View ArticleMultiple SplunkTCPTokens on inputs.conf
We are looking to utilize the splunktcptoken as additional security measure to validate that we trust the sender of data at the intermediary forwarding layer. We would like to be able to rotate the...
View ArticleExpired server.pem and sslVerifyServerCert = false on splunkforwarder
Hello guys, could you let me know if splunkforwarder will continue to work if sslCertPath=$SPLUNK_HOME/etc/auth/server.pem specified in outputs.conf is expired with sslVerifyServerCert = false? Does...
View ArticleSplunk FIPS 140-2 with SSL tls1.2 certificates
Hello! Does Splunk support running FIPS while using SSL tls1.2 certificates? I read this article and think this might be the reason why I can not get those two working together....
View ArticleRenewing /etc/auth/server.pem by renaming/deleting/moving it
Hello, I could renew server.pem by renaming it (great idea from splunk dev as this quickly fix production issues) I would like to know if this works too with cacert.pem? Thanks! Splunk 6.5.2 (clustered)
View ArticleSSL Forwader to Indexer
Windows Server 2012 Splunk 7.0 Self Signed certificates Followed document: https://docs.splunk.com/Documentation/Splunk/7.1.1/Security/Howtoself-signcertificates We're not requiring client cert, we set...
View ArticleSSL - Different names for input.conf and output.conf
On the `outputs.conf` of the forwarder we use `sslPassword`, `sslCertPath` and `sslRootCAPath` while the `inputs.conf` refers to the same exact configurations via `password`, `serverCert` and `rootCA`....
View ArticleSSL - Different names for inputs.conf and outputs.conf
On the `outputs.conf` of the forwarder we use `sslPassword`, `sslCertPath` and `sslRootCAPath` while the `inputs.conf` refers to the same exact configurations via `password`, `serverCert` and `rootCA`....
View ArticleWhy are there different names for inputs.conf and outputs.conf?
On the `outputs.conf` of the forwarder we use `sslPassword`, `sslCertPath` and `sslRootCAPath` while the `inputs.conf` refers to the same exact configurations via `password`, `serverCert` and `rootCA`....
View ArticleAll Database Related Splunk indexes stopped working post update to 7.1.1
We recently updated splunk to latest version of 7.1.1 post that update, the splunk database connections are all not working. We receive the below warnings in the Jbrige.log ERROR Java process returned...
View ArticleWhy enable ssl and http port options are disabled in my global settings for...
Those options are disabled in my panel. I don't want to use ssl for my hec configuration(actually because I couldn't find documentation to properly make certificates. input-prd..... is not...
View ArticleDB Connect error "sslmode and sslfactory are in conflict" when attempting to...
We are running a Postgres server on AWS RDS with SSL Required. For some reason though when saving the connection and trying to us it we are getting the following error. [Amazon](500154) The values of...
View ArticleWhy am I receiving this DB Connect error: "sslmode and sslfactory are in...
We are running a Postgres server on AWS RDS with SSL Required. For some reason though when saving the connection and trying to us it we are getting the following error. [Amazon](500154) The values of...
View ArticleHEC Invalid SSL Certificate
Hi, I'm using Splunk Cloud with an HEC configured via Settings --> Data Inputs --> HTTP Event Collector I can submit an event via `curl`, but when attempting to send via AWS Firehose, it fails...
View ArticleDo we have to enable/configure SSL on our 6.4.3 UFs before we upgrade to 7.1.2?
We are upgrading our Splunk Indexer from 6.4.3 to 7.1.2 (via 6.5). Our forwarders are running a mixture of 6.2.4 and 6.4.3 and are NOT using SSL. Then I noticed this compatibility matrix for the UFs:...
View Article