I am trying to integrate zScaler from decentralized sites into a central Splunk instance. Each site has their own zScaler purchase with zScaler. So, multiple admins at the various sites will need to configure zScaler to send me logs. However, i cannot accept their logs over TCP. It has it come over TLS. So, what do I need to do to have the zScaler admins on their side setup to be able to output their logs over TLS so that I can ingest it to my splunk instance? To recap, my issue is that I cannot accept the logs over TCP as the integration documentation suggest… i need it over TLS.
Multiple zScaler Customers → TLS → My Load Balancer → My Splunk Instance
Thanks in advance.