There may be some small performance impact at index time, depending on data volumes and the amount of indexers you have. Points to note : If you have a mix of SSL enabled and non-SSL enabled forwarders, they will need to send to separate ports on the indexer (e.g.Additionally, regulatory or business requirements may mandate this. There may be some more sensitive endpoints where you enabled it vs. When to implement : Best practice would be to enable such that potentially sensitive data is encrypted over the network.What this is: SSL encryption of the log data flowing from the Splunk forwarders to the Splunk indexers.Points to note: You can either use self-signed certificates or implement your own SSL certificate.Įncrypt communication from forwarders to indexers.When to implement: It would be considered best practice to implement on your search heads as a minimum.This would commonly be the search head, but could also be other components where Splunk web is running. What this is: SSL encryption of Splunk web user sessions.30+ and beyond), performance of searches can be impacted.Įncrypt communication from browsers to Splunk Web Points to note : In environments with a lot of indexers (e.g.When to implement : This is implemented by default and the recommendation is to leave it enabled.Search heads, indexers, deployment servers and forwarders) over port 8089. What this is: SSL encryption of data communication between Splunk components (e.g.Encrypt communication between Splunk components
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |