Re: Splunk HF to splunk cloud Outputs.conf file

sekhar463 · ‎04-16-2024

i am using splunk cloud and design is UF > hf>splunk CLOUD

in HF"S we have outputs file like below

i have below splunk configuration in outputs.conf file in heavy forwarder
here sslPassword is same for all HF"S if i am using multiple heavy forwarders

root@hostname:/opt/splunk/etc/apps/100_stackname_splunkcloud/local # cat outputs.conf
[tcpout]
sslPassword = 27adhjwgde2y67dvff3tegd36scyctefd73******************
channelReapLowater = 10
channelTTL = 300000
dnsResolutionInterval = 300
negotiateNewProtocol = true
socksResolveDNS = false
useClientSSLCompression = true
negotiateProtocolLevel = 0
channelReapInterval = 60000
tcpSendBufSz = 5120000
useACK = false

[tcpout:splunkcloud]
useClientSSLCompression = true
maxQueueSize = 250MB
autoLBFrequency = 300

isoutamo · ‎04-17-2024

Hi

you should use UF package which is loaded from your SCP stack. Just install it on all your UF+HF which are directly connected to your cloud stack and use its defaults to send into SCP. Don't mesh it!

r. Ismo

richgalloway · ‎04-16-2024

What is your question?

---
If this reply helps you, Karma would be appreciated.

Splunk HF to splunk cloud Outputs.conf file

administration

using Splunk Cloud

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Are you a member of the Splunk Community?