Splunk Cloud Platform

Splunk HF to splunk cloud Outputs.conf file

sekhar463
Path Finder

i am using splunk cloud and design is UF > hf>splunk CLOUD 

in HF"S we have outputs file like below 

 

 

i have below splunk configuration in outputs.conf file in heavy forwarder
here sslPassword is same for all HF"S if i am using multiple heavy forwarders

root@hostname:/opt/splunk/etc/apps/100_stackname_splunkcloud/local # cat outputs.conf
[tcpout]
sslPassword = 27adhjwgde2y67dvff3tegd36scyctefd73******************
channelReapLowater = 10
channelTTL = 300000
dnsResolutionInterval = 300
negotiateNewProtocol = true
socksResolveDNS = false
useClientSSLCompression = true
negotiateProtocolLevel = 0
channelReapInterval = 60000
tcpSendBufSz = 5120000
useACK = false

[tcpout:splunkcloud]
useClientSSLCompression = true
maxQueueSize = 250MB
autoLBFrequency = 300

 

Labels (2)
0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

you should use UF package which is loaded from your SCP stack. Just install it on all your UF+HF which are directly connected to your cloud stack and use its defaults to send into SCP. Don't mesh it!

r. Ismo

0 Karma

richgalloway
SplunkTrust
SplunkTrust

What is your question?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...