Currently we are using a basic splunk configuration for the outputs.conf on all of our clients.
[tcpout:indexerGroup]
server=server1:8182,server2:8182,server3:8182
We are working on enabling SSL which can ba accomplisehd by doing :
[tcpout]
defaultGroup = splunkssl
[tcpout:splunkssl]
compressed = true
server = server3:9998
sslCertPath = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = $1$iYxeTtEVRyXQ
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
sslVerifyServerCert = false
The above for SSL accomplishes this for one servers, we need to have the same functionality as current. How do I enable SSL forwarding in a round robin manner as we are using today ?
In addition is it possible to use a single port in splunk to listen for both SSL and non SSL connections ?
You can have a server=server1:1234,server2:1234 line. To do the round robin autoLB=true.
Yes, but how do I do that with SSL enabled ? We already have that working without SSL.