/opt/splunk/etc/system/default/outputs.conf [rfs] /opt/splunk/etc/system/default/outputs.conf batchSizeThresholdKB = 131072 /opt/splunk/etc/system/default/outputs.conf batchTimeout = 30 /opt/splun...
See more...
/opt/splunk/etc/system/default/outputs.conf [rfs] /opt/splunk/etc/system/default/outputs.conf batchSizeThresholdKB = 131072 /opt/splunk/etc/system/default/outputs.conf batchTimeout = 30 /opt/splunk/etc/system/default/outputs.conf compression = zstd /opt/splunk/etc/system/default/outputs.conf compressionLevel = 3 /opt/splunk/etc/system/default/outputs.conf dropEventsOnUploadError = false /opt/splunk/etc/system/default/outputs.conf format = json /opt/splunk/etc/system/default/outputs.conf format.json.index_time_fields = true /opt/splunk/etc/system/default/outputs.conf format.ndjson.index_time_fields = true /opt/splunk/etc/system/default/outputs.conf partitionBy = legacy /opt/splunk/etc/system/default/outputs.conf [syslog] /opt/splunk/etc/system/default/outputs.conf maxEventSize = 1024 /opt/splunk/etc/system/default/outputs.conf priority = <13> /opt/splunk/etc/system/default/outputs.conf type = udp /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf [tcpout] /opt/splunk/etc/system/default/outputs.conf ackTimeoutOnShutdown = 30 /opt/splunk/etc/system/default/outputs.conf autoLBFrequency = 30 /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf autoLBFrequencyIntervalOnGroupFailure = -1 /opt/splunk/etc/system/default/outputs.conf autoLBVolume = 0 /opt/splunk/etc/system/default/outputs.conf blockOnCloning = true /opt/splunk/etc/system/default/outputs.conf blockWarnThreshold = 100 /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf channelReapInterval = 60000 /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf channelReapLowater = 10 /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf channelTTL = 300000 /opt/splunk/etc/system/default/outputs.conf cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256 /opt/splunk/etc/system/default/outputs.conf compressed = false /opt/splunk/etc/system/default/outputs.conf connectionTTL = 0 /opt/splunk/etc/system/default/outputs.conf connectionTimeout = 20 /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf connectionsPerTarget = 0 /opt/splunk/etc/system/local/outputs.conf defaultGroup = splunkcloud_20231028_9aaa4b04216cd9a0a4dc1eb274307fd1 /opt/splunk/etc/system/default/outputs.conf disabled = false /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf dnsResolutionInterval = 300 /opt/splunk/etc/system/default/outputs.conf dropClonedEventsOnQueueFull = 5 /opt/splunk/etc/system/default/outputs.conf dropEventsOnQueueFull = -1 /opt/splunk/etc/system/default/outputs.conf ecdhCurves = prime256v1, secp384r1, secp521r1 /opt/splunk/etc/system/default/outputs.conf enableOldS2SProtocol = false /opt/splunk/etc/system/default/outputs.conf forceTimebasedAutoLB = false /opt/splunk/etc/apps/SplunkForwarder/default/outputs.conf forwardedindex.0.whitelist = .* /opt/splunk/etc/apps/SplunkForwarder/default/outputs.conf forwardedindex.1.blacklist = _.* /opt/splunk/etc/apps/SplunkDeploymentServerConfig/default/outputs.conf forwardedindex.2.whitelist = (_audit|_internal|_introspection|_telemetry|_metrics|_metrics_rollup|_configtracker|_dsclient|_dsphonehome|_dsappevent) /opt/splunk/etc/apps/SplunkForwarder/default/outputs.conf forwardedindex.filter.disable = false /opt/splunk/etc/system/default/outputs.conf heartbeatFrequency = 30 /opt/splunk/etc/system/local/outputs.conf indexAndForward = 1 /opt/splunk/etc/system/default/outputs.conf maxConnectionsPerIndexer = 2 /opt/splunk/etc/system/default/outputs.conf maxFailuresPerInterval = 2 /opt/splunk/etc/apps/SplunkForwarder/default/outputs.conf maxQueueSize = 500KB /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf negotiateNewProtocol = true /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf polling_interval = 5 /opt/splunk/etc/system/default/outputs.conf readTimeout = 300 /opt/splunk/etc/system/default/outputs.conf secsInFailureInterval = 1 /opt/splunk/etc/system/default/outputs.conf sendCookedData = true /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf socksResolveDNS = false /opt/splunk/etc/apps/100_tenant_splunkcloud/local/outputs.conf sslPassword = /opt/splunk/etc/system/default/outputs.conf sslQuietShutdown = false /opt/splunk/etc/system/default/outputs.conf sslVersions = tls1.2 /opt/splunk/etc/system/default/outputs.conf tcpSendBufSz = 0 /opt/splunk/etc/system/local/outputs.conf useACK = true /opt/splunk/etc/system/default/outputs.conf useClientSSLCompression = true /opt/splunk/etc/system/default/outputs.conf writeTimeout = 300 /opt/splunk/etc/system/local/outputs.conf [tcpout:scs] /opt/splunk/etc/system/local/outputs.conf autoLBFrequency = 120 /opt/splunk/etc/system/local/outputs.conf clientCert = $SPLUNK_HOME/etc/apps/100_tenant_splunkcloud/default/tenant_server.pem /opt/splunk/etc/system/local/outputs.conf compressed = true /opt/splunk/etc/system/local/outputs.conf disabled = 1 /opt/splunk/etc/system/local/outputs.conf server = tenant.forwarders.scs.splunk.com:9997 /opt/splunk/etc/system/local/outputs.conf sslAltNameToCheck = *.forwarders.scs.splunk.com /opt/splunk/etc/system/local/outputs.conf sslVerifyServerCert = true /opt/splunk/etc/system/local/outputs.conf useClientSSLCompression = false /opt/splunk/etc/system/local/outputs.conf [tcpout:splunkcloud_] /opt/splunk/etc/system/local/outputs.conf autoLBFrequency = 120 /opt/splunk/etc/system/local/outputs.conf clientCert = $SPLUNK_HOME/etc/apps/100_tenant_splunkcloud/default/tenant_server.pem /opt/splunk/etc/system/local/outputs.conf compressed = false /opt/splunk/etc/system/local/outputs.conf server = inputs1.tenant.splunkcloud.com:9997, inputs2.tenant.splunkcloud.com:9997, inputs3.tenant.splunkcloud.com:9997, inputs4.tenant.splunkcloud.com:9997, inputs5.tenant.splunkcloud.com:9997, inputs6.tenant.splunkcloud.com:9997, inputs7.tenant.splunkcloud.com:9997, inputs8.tenant.splunkcloud.com:9997, inputs9.tenant.splunkcloud.com:9997, inputs10.tenant.splunkcloud.com:9997, inputs11.tenant.splunkcloud.com:9997, inputs12.tenant.splunkcloud.com:9997, inputs13.tenant.splunkcloud.com:9997, inputs14.tenant.splunkcloud.com:9997, inputs15.tenant.splunkcloud.com:9997 /opt/splunk/etc/system/local/outputs.conf sslCommonNameToCheck = *.tenant.splunkcloud.com /opt/splunk/etc/system/local/outputs.conf sslVerifyServerCert = true /opt/splunk/etc/system/local/outputs.conf sslVerifyServerName = true /opt/splunk/etc/system/local/outputs.conf useClientSSLCompression = true