Closed aleoliva closed 4 years ago
Hi
Default Settings of Splunk Base Config Apps are not part of the Splunkenizer and are maintained by Splunk Professional Services.
The settings here, you want to set are default values of Splunk Core anyway, so you don't need to set them. You can always find the default on the systems in /opt/splunk/etc/system/default/outputs.conf
[indexAndForward]
index = false
[tcpout]
indexAndForward = false
However you can always change the default values in the base_config_apps in your Software location to be picked up during install or deploy a modified version after installation.
Hi,
Yes, this is true for indexAndForward
but forwardedindex.filter.disable
is disable by default, e.g.:
$ grep forwardedindex.filter.disable /opt/splunk/etc/system/default/outputs.conf
forwardedindex.filter.disable = false
However I didn't know this part was under Splunk Professional Services responsibilities. Do you know if they have a channel to where I can rise my suggestion?
However you can always change the default values in the base_config_apps in your Software location to be picked up during install or deploy a modified version after installation.
Yes, this is going to be our way; we just wanted to suggest you this update.
However I didn't know this part was under Splunk Professional Services responsibilities. Do you know if they have a channel to where I can rise my suggestion?
I suggest to send such things to a Splunk Professional Services Consultant you work with. For this particular suggestion I can track it. Thanks for mentioning it. I will close this ticket now.
Describe the bug Following Splunk>docs, Best practice: Forward master node data to the indexer layer: It is suggested to set-up
outputs.conf
file as:However, actual
org_all_forwarder_outputs/local/outputs.conf
defines:To Reproduce N/A
Expected behavior We consider that using
[indexAndForward]
andforwardedindex.filter.disable = true
, inoutputs.conf
file, would set a more consistent platform setup than specifically list all internal indexes.Screenshots N/A
Desktop (please complete the following information):
Additional context N/A