Splunk UF
Splunk UF source plugin
Splunk Universal Forwarder (UF) is a lightweight data collection agent that enables you to collect local data.
You can use the Calyptia Core Splunk UF Source Plugin to configure your pipeline to receive data from your Splunk UF instances.
The following are the configuration parameters for the Splunk UF Source Plugin.
Key | Description |
---|---|
Port | The TCP port the pipeline should listen on |
The following are the advanced configuration parameters for the Splunk UF Source Plugin.
Key | Description |
---|---|
Format | Set the format: json or none |
Set Separator | Set Separator |
Chunk Size | Set the chunk size for incoming messages |
Buffer Size | This sets the chunk size for incoming JSON messages. These chunks are then stored/managed in the space available by buffer_size. |
The following are the security and TLS configuration parameters for the Splunk UF Source Plugin.
Key | Description |
---|---|
TLS | Enable or Disable TLS/SSL support |
TLS Certificate Validation | Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled. |
TLS Debug Level | Set TLS debug verbosity level. It accepts the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), and 4 (Verbose) |
CA Certificate File Path | Absolute path to CA certificate file |
Certificate File Path | Absolute path to Certificate file |
Private key File Path | Absolute path to private Key file |
Private Key Path Password | Optional password for tls.key_file file |
TLS SNI Hostname Extension | Hostname to be used for TLS SNI Extension |
You can use the following configuration in your Splunk Universal Forwarder to send data to Calyptia Core:

```
[tcpout]
defaultGroup = calyptia
disabled = false
[tcpout:calyptia]
server = <CALYPTIA CORE HOST>:<PIPELINE PORT>
sendCookedData = false
negotiateProtocolLevel = 0
```
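
A check for the forwarder stanza above, as an added example that is not part of the original page or of Calyptia's code: it parses an outputs.conf, confirms the raw-TCP settings the page prescribes, and reports whether forwarder-side TLS is configured. The setting names `useSSL`, `clientCert` and `sslVerifyServerCert` are Splunk outputs.conf settings that this page does not show, and the host, port and certificate path in the samples are constructed.

```python
import configparser
# Values the page's forwarder stanza sets so the pipeline receives raw TCP data.
REQUIRED = {"sendCookedData": "false", "negotiateProtocolLevel": "0"}

def audit_outputs_conf(text):
    """Return findings for the default tcpout group of an outputs.conf."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep Splunk's case-sensitive setting names
    cp.read_string(text)
    group = cp.get("tcpout", "defaultGroup", fallback=None)
    stanza = f"tcpout:{group}"
    if group is None or not cp.has_section(stanza):
        return ["no stanza for the default tcpout group"]
    opts = {**cp["tcpout"], **cp[stanza]}  # group stanza overrides [tcpout]
    findings = []
    if opts.get("disabled", "false").lower() in ("true", "1"):
        findings.append("output is disabled")
    for key, want in REQUIRED.items():
        if opts.get(key, "").lower() != want:
            findings.append(f"{key} should be {want}")
    targets = [s.strip() for s in opts.get("server", "").split(",") if s.strip()]
    if not targets:
        findings.append("no server configured")
    for target in targets:
        host, _, port = target.rpartition(":")
        if "<" in target or not host or not port.isdecimal() or not 0 < int(port) < 65536:
            findings.append(f"server entry is not host:port: {target}")
    # Assumption: these TLS setting names are Splunk's outputs.conf settings, not the page's.
    if opts.get("useSSL", "").lower() != "true" and "clientCert" not in opts:
        findings.append("no forwarder TLS settings: data is sent unencrypted")
    elif opts.get("sslVerifyServerCert", "false").lower() != "true":
        findings.append("sslVerifyServerCert is not true: receiver is not authenticated")
    return findings

# Constructed sample: the page's stanza with a made-up host and port filled in.
PAGE_STANZA = """\
[tcpout]
defaultGroup = calyptia
disabled = false
[tcpout:calyptia]
server = core.example.internal:9997
sendCookedData = false
negotiateProtocolLevel = 0
"""
# Constructed sample: the same stanza plus forwarder-side TLS (placeholder path).
TLS_STANZA = PAGE_STANZA + "clientCert = /path/to/client.pem\nsslVerifyServerCert = true\n"
if __name__ == "__main__":
    for name, conf in (("page", PAGE_STANZA), ("tls", TLS_STANZA)):
        print(name, audit_outputs_conf(conf) or "ok")
```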