-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathexport_cloud_amer.conf
More file actions
32 lines (29 loc) · 844 Bytes
/
export_cloud_amer.conf
File metadata and controls
32 lines (29 loc) · 844 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
[splunk_source]
SPLUNK_HOST=cloud-architects.splunkcloud.com
SPLUNK_PORT=8089
SPLUNK_AUTH_TOKEN=%(SPLUNK_LAPTOP_TOKEN)s
[splunk_hec_target]
HEC_HOST=localhost
HEC_PORT=8088
HEC_TOKEN=b80228ef-f25b-4243-81bd-7109e039fb13
HEC_TLS=True
HEC_TLS_VERIFY=False
[search]
#indexes=sample_people,access_combined,main
indexes=_internal
sourcetypes=splunkd
#sourcetypes=splunkd_access,splunkd,splunk_btool,splunk_python,splunkd_ui_access,splunkd_remote_searches
begin_date=2022-11-1
end_date=
#extra=| table *
#extra=| head 50000 | table *
extra=| head 10 | table _time _raw index source sourcetype | sort 0 _time
[export]
log_level=WARNING # DEBUG,INFO,WARNING,ERROR,CRITICAL
parition_units=days
partition_interval=1
parallel_processes=4
output_destination=file # file | hec
gzip=false
resume_mode=overwrite # overwrite | resume
max_file_size_mb=1000