Re: Splunk HF to splunk cloud Outputs.conf file

sekhar463

i am using splunk cloud and design is UF > hf>splunk CLOUD

in HF"S we have outputs file like below

i have below splunk configuration in outputs.conf file in heavy forwarder
here sslPassword is same for all HF"S if i am using multiple heavy forwarders

root@hostname:/opt/splunk/etc/apps/100_stackname_splunkcloud/local # cat outputs.conf
[tcpout]
sslPassword = 27adhjwgde2y67dvff3tegd36scyctefd73******************
channelReapLowater = 10
channelTTL = 300000
dnsResolutionInterval = 300
negotiateNewProtocol = true
socksResolveDNS = false
useClientSSLCompression = true
negotiateProtocolLevel = 0
channelReapInterval = 60000
tcpSendBufSz = 5120000
useACK = false

[tcpout:splunkcloud]
useClientSSLCompression = true
maxQueueSize = 250MB
autoLBFrequency = 300

isoutamo

Hi

you should use UF package which is loaded from your SCP stack. Just install it on all your UF+HF which are directly connected to your cloud stack and use its defaults to send into SCP. Don't mesh it!

r. Ismo

richgalloway

What is your question?

---
If this reply helps you, Karma would be appreciated.

Splunk HF to splunk cloud Outputs.conf file

administration

using Splunk Cloud

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases

Detecting Remote Code Executions With the Splunk Threat Research Team