Always On: This default option will always write events to the persistent queue, before forwarding them to Cribl Stream's data processing engine.Mode: Select a condition for engaging persistent queues. If enabled, PQ is automatically configured in Always On mode, with a maximum queue size of 1 GB disk space allocated per Worker Process.Įnable Persistent Queue: Defaults to No. On Cribl-managed Cribl.Cloud Workers (with an Enterprise plan), this tab exposes only the Enable Persistent Queue toggle. This will buffer and preserve incoming events when a downstream Destination is down, or exhibiting backpressure. In this section, you can optionally specify persistent queue storage, using the following controls. Maximum TLS version: Optionally, select the maximum TLS version to accept from connections. Minimum TLS version: Optionally, select the minimum TLS version to accept from connections. E.g., to match the subject CN=, you would enter: worker\.cribl\.local. As needed, escape regex tokens to match literal characters. Defaults to Yes.Ĭommon name: Regex matching subject common names in peer certificates allowed to connect. Validate client certs: Reject certificates that are not authorized by a CA in the CA certificate path, or by another trusted CA (e.g., the system's CA). Used to perform mutual authentication using SSL certs. Path can reference $ENV_VARS.Īuthenticate client (mutual auth): Require clients to present their certificates. Path can reference $ENV_VARS.ĬA certificate path: Server path containing CA certificates (in PEM format) to use. Passphrase: Passphrase to use to decrypt private key.Ĭertificate path: Server path containing certificates (in PEM format) to use. Private key path: Server path containing the private key (in PEM format) to use. When toggled to Yes:Ĭertificate name: Name of the predefined certificate. TLS Settings (Server Side) Įnabled defaults to No. Use a tab or hard return between (arbitrary) tag names. Tags: Optionally, add tags that you can use for filtering and grouping in Cribl Stream. Input ID: Enter a unique name to identify this Splunk Source definition.Īddress: Enter hostname/IP to listen for Splunk data. You can clone or directly modify this Source to further configure it, and then enable it. For more details on using the CLI in general, see Administer Splunk Enterprise with the CLI in the Splunk Enterprise Admin Manual.Cribl Stream ships with a Splunk TCP Source preconfigured to listen on Port 9997. You can choose to edit the configuration files through the command line. The forwarder writes configurations for forwarding data to nf in $SPLUNK_HOME/etc/system/local/).Įdit the configuration files through the command line This prevents typos and other mistakes that can occur when you edit configuration files directly. When you make configuration changes with the CLI, the universal forwarder writes the configuration files. You can edit them however you normally edit files, such as through a text editor or the command line, or you can use the Splunk Deployment Server. nf for connecting to a deployment server.nf for connection and performance tuning.nf controls how the forwarder sends data to an indexer or other forwarder.nf controls how the forwarder collects data.Navigate to nf in $SPLUNK_HOME/etc/system/local/ to locate your Universal Forwarder configuration files. Optionally edit the Universal forwarder configuration files to further modify how your machine data is streamed to your indexers. Configure the universal forwarder using configuration files
0 kommentar(er)
