![]() When toggled to Yes:Ĭertificate name: Name of the predefined certificate. TLS Settings (Server Side) Įnabled defaults to No. Use a tab or hard return between (arbitrary) tag names. These tags aren’t added to processed events. Tags: Optionally, add tags that you can use to filter and group Sources in Cribl Stream’s Manage Sources page. Input ID: Enter a unique name to identify this Splunk Source definition.Īddress: Enter hostname/IP to listen for Splunk data. You can clone or directly modify this Source to further configure it, and then enable it. Next, click New Source to open a New Source modal that provides the options below.Ĭribl Stream ships with a Splunk TCP Source preconfigured to listen on Port 9997. From the resulting page’s tiles or left nav, select Splunk > Splunk TCP. Or, to configure via the Routing UI, click Data > Sources (Stream) or More > Sources (Edge). The resulting drawer will provide the options below. Next, click either Add Destination or (if displayed) Select Existing. From the resulting drawer’s tiles, select Splunk > Splunk TCP. To configure via the graphical QuickConnect UI, click Routing > QuickConnect (Stream) or Collect (Edge). ![]() Type: Push | TLS Support: YES | Event Breaker Support: YES Configuring Cribl Stream to Receive Splunk TCP Data įrom the top nav, click Manage, then select a Worker Group to configure. For example, port 9997.Cribl Stream supports receiving Splunk data from Universal or Heavy Forwarders. On the indexers tab, go to Settings > Forwarding and Receiving.If certificate validation is enabled and validation fails because the certificate is not valid or because the common names do not match, streamfwd does not connect to the splunk_app_stream server.Ĭonfigure the indexer receiving port for Splunk Stream data. For the certificate CN, the Common Name formats *. or are supported. If this parameter is left blank, the fully qualified host name of the splunk_app_stream server is verified against the CN in the server certificate. sslCommonNameToCheck = : This lets you override the common name value to compare against the certificate CN.If this parameter is left empty or points to a non-existent file, certificate validation does not occur. If the sslVerifyServerCert parameter is set to true, rootCA must show the full path to the root CA certificate file. rootCA = : Points to the file name of the root CA certificate file.sslVerifyServerCert = true: Enables server ( splunk_app_stream) certificate validation on the client( streamfwd) side.Open to edit $SPLUNK_HOME/etc/apps/Splunk_TA_stream/local/nf.To enable certificate validation, edit the parameters in nf. For more information, see Distributed forwarder management.Įnable certificate validation for SSL connections to Splunk_TA_stream to verify the identity of splunk_app_stream servers. You can also use the stream_forwarder_id to manage distributed stream forwarder instances. ![]() When using a deployment server, if you set or modify the stream_forwarder_id of a Stream forwarder while a process is running, you must restart the universal forwarder for the changes to apply to the stream_forwarder_id. If you change the http port, you must change the URI path to specify the new port.Ĭonfigure the Stream forwarder identifier If you enable SSL, you must change the URI path to specify https. Note: The splunk_app_stream URI supports http and https protocols. Splunk_stream_app_location = disabled = 0įor more information, see How Splunk_TA_stream communicates with splunk_app_stream in this manual. For search head clusters, the address for this can be a single URL that is either a load balancer with sticky sessions or a single member of the SHC.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |