I want to understand whether it is possible to use the 'defaultGroup' setting in the server.conf file.
I can see in the documentation that defaultGroup is used in the outputs.conf file, but I've seen some configuration file where defaultGroup is used in the server.conf file.
Can someone explain?
defaultGroup is only valid in outputs.conf, and is used to declare a group of indexers/search peers.
This can be either on forwarders, or cluster members (HF for internal logs).
It is not set/used in server.conf.
[tcpout]
defaultGroup = <target_group>, <target_group>, ...
* A comma-separated list of one or more target group names, specified later in [tcpout:<target_group>] stanzas.
* The forwarder sends all data to the specified groups.
* If you don't want to forward data automatically, don't set this setting.
* Can be overridden by an inputs.conf '_TCP_ROUTING' setting, which in turn can be overridden by a props.conf or transforms.conf modifier.
* Starting with version 4.2, this setting is no longer required.
Just asking if it is possible to use defaultGroup setting in the server.conf file?
I have a server.conf file with this setting:
defaultGroup = splunkssl
Is this fine? Because in this document - https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf - the defaultGroup setting is not present in the server.conf file.
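
As an added example (not part of the thread and not Splunk's own tooling), the check below flags a defaultGroup setting found outside outputs.conf and verifies that every group named in [tcpout] defaultGroup has a matching [tcpout:<target_group>] stanza. The file contents, the [general] placement, the host names and the function names are constructed for illustration.

```python
import os

def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, "default"  # keys before any [stanza] land in "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def check_default_group(files):
    """files: {path: conf text}. Returns a list of (path, stanza, problem)."""
    findings = []
    for path, text in files.items():
        conf = parse_conf(text)
        is_outputs = os.path.basename(path) == "outputs.conf"
        for stanza, settings in conf.items():
            if "defaultGroup" not in settings:
                continue
            if not is_outputs:
                # The setting has no meaning here, so no forwarding is configured by it.
                findings.append((path, stanza, "defaultGroup is only valid in outputs.conf"))
            elif stanza == "tcpout":
                # Each comma-separated name must be defined in its own stanza.
                for group in (g.strip() for g in settings["defaultGroup"].split(",")):
                    if group and f"tcpout:{group}" not in conf:
                        findings.append((path, stanza, f"no [tcpout:{group}] stanza"))
    return findings

# Constructed sample files (not taken from a real deployment).
SAMPLE = {
    "server.conf": "[general]\nserverName = hf01\ndefaultGroup = splunkssl\n",
    "outputs.conf": (
        "[tcpout]\ndefaultGroup = splunkssl, backup\n\n"
        "[tcpout:splunkssl]\nserver = idx1.example.com:9997\n"
    ),
}

if __name__ == "__main__":
    for finding in check_default_group(SAMPLE):
        print(*finding, sep=" | ")
```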