Re: Splunk HF to splunk cloud Outputs.conf file

sekhar463 · ‎04-16-2024

i am using splunk cloud and design is UF > hf>splunk CLOUD

in HF"S we have outputs file like below

i have below splunk configuration in outputs.conf file in heavy forwarder
here sslPassword is same for all HF"S if i am using multiple heavy forwarders

root@hostname:/opt/splunk/etc/apps/100_stackname_splunkcloud/local # cat outputs.conf
[tcpout]
sslPassword = 27adhjwgde2y67dvff3tegd36scyctefd73******************
channelReapLowater = 10
channelTTL = 300000
dnsResolutionInterval = 300
negotiateNewProtocol = true
socksResolveDNS = false
useClientSSLCompression = true
negotiateProtocolLevel = 0
channelReapInterval = 60000
tcpSendBufSz = 5120000
useACK = false

[tcpout:splunkcloud]
useClientSSLCompression = true
maxQueueSize = 250MB
autoLBFrequency = 300

isoutamo · ‎04-17-2024

Hi

you should use UF package which is loaded from your SCP stack. Just install it on all your UF+HF which are directly connected to your cloud stack and use its defaults to send into SCP. Don't mesh it!

r. Ismo

richgalloway · ‎04-16-2024

What is your question?

---
If this reply helps you, Karma would be appreciated.

Splunk HF to splunk cloud Outputs.conf file

administration

using Splunk Cloud

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation