Deployment Architecture

Is it possible to use defaultGroup setting in a server.conf file?

New Member

Hi
I want to understand is it possible to use 'defaultGroup' setting in the server.conf file.
I can see in the documentation that defaultGroup is used in outputs.conf file but I've seen some configuration file where defaultGroup is used in server.conf file.
Can someone explain?

0 Karma

Motivator

defaultGroup is only valid in outputs.conf, and is used to declare a group of indexers/search peers.
This can be either on forwarders, or cluster members (HF for internal logs).
It is not set/used in server.conf.

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Outputsconf

[tcpout]
defaultGroup = <target_group>, <target_group>, ...
* A comma-separated list of one or more target group names, specified later
  in [tcpout:<target_group>] stanzas.
* The forwarder sends all data to the specified groups.
* If you don't want to forward data automatically, don't set this setting.
* Can be overridden by an inputs.conf '_TCP_ROUTING' setting, which in turn
  can be overridden by a props.conf or transforms.conf modifier.
* Starting with version 4.2, this setting is no longer required.
0 Karma

SplunkTrust
SplunkTrust

Can you please explain, what you want to achieve?

0 Karma

New Member

Just asking if it is possible to use defaultGroup setting in the server.conf file?
I have server.conf file with this setting:

[default]
defaultGroup = splunkssl

Is this fine? Because in this document - https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf
defaultGroup setting is not present in server.conf file

0 Karma

SplunkTrust
SplunkTrust

No, there are no such parameter in server.conf

0 Karma