# Version 8.2.3 # # This file contains an example server.conf. Use this file to configure SSL # and HTTP server options. # # To use one or more of these configurations, copy the configuration block # into server.conf in $SPLUNK_HOME/etc/system/local/. You must restart # Splunk to enable configurations. # # To learn more about configuration files (including precedence) please see # the documentation located at # http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles # Allow users 8 hours before they time out [general] sessionTimeout=8h pass4SymmKey = changeme # Listen on IPv6 in addition to IPv4... listenOnIPv6 = yes # ...but make all outgoing TCP connections on IPv4 exclusively connectUsingIpVersion = 4-only # Turn on SSL: [sslConfig] enableSplunkdSSL = true useClientSSLCompression = true serverCert = $SPLUNK_HOME/etc/auth/server.pem sslPassword = password sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem certCreateScript = genMyServerCert.sh [proxyConfig] http_proxy = http://proxy:80 https_proxy = http://proxy:80 proxy_rules = * no_proxy = localhost, 127.0.0.1, ::1 ######## SSO Example ######## # This example trusts all logins from the splunk web server and localhost # Note that a proxy to the splunk web server should exist to enforce # authentication [general] trustedIP = 127.0.0.1 ####### Cascading Replication Example ###### [cascading_replication] pass4SymmKey = someSecret max_replication_threads = auto max_replication_jobs = 5 cascade_replication_plan_reap_interval = 1h cascade_replication_plan_age = 8h cascade_replication_plan_fanout = auto cascade_replication_plan_topology = size_balanced cascade_replication_plan_select_policy = random ############################################################################ # Set this node to be a cluster manager. ############################################################################ [clustering] mode = manager replication_factor = 3 pass4SymmKey = someSecret search_factor = 2 ############################################################################ # Set this node to be a slave to cluster manager "SplunkManager01" on port # 8089. ############################################################################ [clustering] mode = slave manager_uri = https://SplunkManager01.example.com:8089 pass4SymmKey = someSecret ############################################################################ # Set this node to be a searchhead to cluster manager "SplunkManager01" on # port 8089. ############################################################################ [clustering] mode = searchhead manager_uri = https://SplunkManager01.example.com:8089 pass4SymmKey = someSecret ############################################################################ # Set this node to be a searchhead to multiple cluster managers - # "SplunkManager01" with pass4SymmKey set to 'someSecret and "SplunkManager02" # with no pass4SymmKey set here. ############################################################################ [clustering] mode = searchhead manager_uri = clustermanager:east, clustermanager:west [clustermanager:east] manager_uri = https://SplunkManager01.example.com:8089 pass4SymmKey=someSecret [clustermanager:west] manager_uri = https://SplunkManager02.example.com:8089 ############################################################################ # Configuration file change audit # To enable the feature, set 'disabled=false'. # Set 'mode=auto' to include all available features. ############################################################################### [config_change_audit] disabled = false mode = auto ############################################################################ # Open an additional non-SSL HTTP REST port, bound to the localhost # interface (and therefore not accessible from outside the machine) Local # REST clients like the CLI can use this to avoid SSL overhead when not # sending data across the network. ############################################################################ [httpServerListener:127.0.0.1:8090] ssl = false [dfs] disabled = false dfc_ip_address = 192.0.2.0 port = 9000 extra_kryo_registered_classes = com.splunk.df.search.compute.objects._String,java.lang.Number spark_master_host = 192.0.2.0 spark_master_webui_port = 8080 connection_timeout = 180 connection_retries = 5