# Version 8.2.3 # DO NOT EDIT THIS FILE! # Changes to default files will be lost on update and are difficult to # manage and support. # # Please make any changes to system defaults by overriding them in # apps or $SPLUNK_HOME/etc/system/local # (See "Configuration file precedence" in the web documentation). # # To override a specific setting, copy the name of the stanza and # setting to the file where you wish to override it. [tcpout] maxQueueSize = auto forwardedindex.0.whitelist = .* forwardedindex.1.blacklist = _.* forwardedindex.2.whitelist = (_audit|_internal|_introspection|_telemetry|_metrics|_metrics_rollup) forwardedindex.filter.disable = false indexAndForward = false autoLBFrequency = 30 autoLBVolume = 0 blockOnCloning = true compressed = false disabled = false dropClonedEventsOnQueueFull = 5 dropEventsOnQueueFull = -1 heartbeatFrequency = 30 maxFailuresPerInterval = 2 secsInFailureInterval = 1 maxConnectionsPerIndexer = 2 forceTimebasedAutoLB = false sendCookedData = true connectionTimeout = 20 readTimeout = 300 writeTimeout = 300 tcpSendBufSz = 0 ackTimeoutOnShutdown = 30 useACK = false blockWarnThreshold = 100 sslQuietShutdown = false connectionTTL = 0 useClientSSLCompression = true # The following provides modern TLS configuration that guarantees forward- # secrecy and efficiency. This configuration drops support for old Splunk # versions (Splunk 5.x and earlier). # To add support for Splunk 5.x set sslVersions to tls and add this to the # end of cipherSuite: # DHE-RSA-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:AES128-SHA # and this, in case Diffie Hellman is not configured: # AES256-SHA:AES128-SHA sslVersions = tls1.2 cipherSuite = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256 ecdhCurves = prime256v1, secp384r1, secp521r1 [syslog] type = udp priority = <13> maxEventSize = 1024