"Outputs.conf"의 두 판 사이의 차이

 
7번째 줄: 7번째 줄:


==system default==
==system default==
* /opt/splunkforwarder/etc/system/default/outputs.conf
{{소스헤더|/opt/splunkforwarder/etc/system/default/outputs.conf}}
<source lang='autoconf'>
<source lang='aconf'>
#  Version 5.0.3
#  Version 5.0.3


37번째 줄: 37번째 줄:


==apps default==
==apps default==
<source lang='autoconf'>
<source lang='aconf'>
#  Version 5.0.3
#  Version 5.0.3
[tcpout]
[tcpout]

2019년 6월 8일 (토) 11:24 기준 최신판

1 개요[ | ]

outputs.conf
/opt/splunkforwarder/etc/system/default/outputs.conf
/opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/outputs.conf
  • Splunk Forwarder 설정 파일
  • 목적지(스플렁크 서버) 설정

2 system default[ | ]

/opt/splunkforwarder/etc/system/default/outputs.conf
#   Version 5.0.3

[tcpout]
maxQueueSize = 500KB
forwardedindex.0.whitelist = .*
forwardedindex.1.blacklist = _.*
forwardedindex.2.whitelist = (_audit|_internal)
forwardedindex.filter.disable = false
indexAndForward = false
autoLBFrequency = 30
blockOnCloning = true
compressed = false
disabled = false
dropClonedEventsOnQueueFull = 5
dropEventsOnQueueFull = -1
heartbeatFrequency = 30
maxFailuresPerInterval = 2
secsInFailureInterval = 1
maxConnectionsPerIndexer = 2
forceTimebasedAutoLB = false
sendCookedData = true
connectionTimeout = 20 
readTimeout = 300
writeTimeout = 300 
useACK = false

3 apps default[ | ]

#   Version 5.0.3
[tcpout]
maxQueueSize = 500KB
forwardedindex.0.whitelist = .*
forwardedindex.1.blacklist = _.*
forwardedindex.2.whitelist = _audit
forwardedindex.filter.disable = false

4 같이 보기[ | ]