Outputs.conf

1 개요[ | ]

outputs.conf
/opt/splunkforwarder/etc/system/default/outputs.conf
/opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/outputs.conf
  • Splunk Forwarder 설정 파일
  • 목적지(스플렁크 서버) 설정

2 system default[ | ]

/opt/splunkforwarder/etc/system/default/outputs.conf
#   Version 5.0.3

[tcpout]
maxQueueSize = 500KB
forwardedindex.0.whitelist = .*
forwardedindex.1.blacklist = _.*
forwardedindex.2.whitelist = (_audit|_internal)
forwardedindex.filter.disable = false
indexAndForward = false
autoLBFrequency = 30
blockOnCloning = true
compressed = false
disabled = false
dropClonedEventsOnQueueFull = 5
dropEventsOnQueueFull = -1
heartbeatFrequency = 30
maxFailuresPerInterval = 2
secsInFailureInterval = 1
maxConnectionsPerIndexer = 2
forceTimebasedAutoLB = false
sendCookedData = true
connectionTimeout = 20 
readTimeout = 300
writeTimeout = 300 
useACK = false

3 apps default[ | ]

#   Version 5.0.3
[tcpout]
maxQueueSize = 500KB
forwardedindex.0.whitelist = .*
forwardedindex.1.blacklist = _.*
forwardedindex.2.whitelist = _audit
forwardedindex.filter.disable = false

4 같이 보기[ | ]