Splunk_Docker/files/splunk-etc/system/README/server.conf.example

#   Version 9.2.2.20240415
#
# This file contains an example server.conf.  Use this file to configure SSL
# and HTTP server options.
#
# To use one or more of these configurations, copy the configuration block
# into server.conf in $SPLUNK_HOME/etc/system/local/. You must restart
# Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see
# the documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles

# Allow users 8 hours before they time out
[general]
sessionTimeout=8h
pass4SymmKey = changeme

# Listen on IPv6 in addition to IPv4...
listenOnIPv6 = yes
# ...but make all outgoing TCP connections on IPv4 exclusively
connectUsingIpVersion = 4-only

# Turn on SSL:

[sslConfig]
enableSplunkdSSL = true
useClientSSLCompression = true
serverCert = $SPLUNK_HOME/etc/auth/server.pem
sslPassword = password
sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem
certCreateScript = genMyServerCert.sh

[proxyConfig]
http_proxy = http://proxy:80
https_proxy = http://proxy:80
proxy_rules = *
no_proxy = localhost, 127.0.0.1, ::1

######## SSO Example ########
# This example trusts all logins from the splunk web server and localhost
# Note that a proxy to the splunk web server should exist to enforce
# authentication
[general]
trustedIP = 127.0.0.1

####### Cascading Replication Example ######
[cascading_replication]
pass4SymmKey = someSecret
max_replication_threads = auto
max_replication_jobs = 5
cascade_replication_plan_reap_interval = 1h
cascade_replication_plan_age = 8h
cascade_replication_plan_fanout = auto
cascade_replication_plan_topology = size_balanced
cascade_replication_plan_select_policy = random


############################################################################
# Set this node to be a cluster manager.
############################################################################


[clustering]
mode = manager
replication_factor = 3
pass4SymmKey = someSecret
search_factor = 2


############################################################################
# Set this node to be a peer to cluster manager "SplunkManager01" on port
# 8089.
############################################################################

[clustering]
mode = peer 
manager_uri = https://SplunkManager01.example.com:8089
pass4SymmKey = someSecret

############################################################################
# Set this node to be a searchhead to cluster manager "SplunkManager01" on
# port 8089.
############################################################################
[clustering]
mode = searchhead
manager_uri = https://SplunkManager01.example.com:8089
pass4SymmKey = someSecret

############################################################################
# Set this node to be a searchhead to multiple cluster managers -
# "SplunkManager01" with pass4SymmKey set to 'someSecret and "SplunkManager02"
# with no pass4SymmKey set here.
############################################################################
[clustering]
mode = searchhead
manager_uri = clustermanager:east, clustermanager:west

[clustermanager:east]
manager_uri = https://SplunkManager01.example.com:8089
pass4SymmKey=someSecret

[clustermanager:west]
manager_uri = https://SplunkManager02.example.com:8089

############################################################################
#     Configuration file change tracker
#  To enable the feature, set 'disabled=false'.
#  Set 'mode=auto' to include all available features.
###############################################################################
[config_change_tracker]
disabled = false
mode = auto
denylist=peer-apps|savedsearches\.conf$
exclude_fields = server.conf:general:pass4SymmKey, authentication.conf:authentication:*
 
############################################################################
# Open an additional non-SSL HTTP REST port, bound to the localhost
# interface (and therefore not accessible from outside the machine)  Local
# REST clients like the CLI can use this to avoid SSL overhead when not
# sending data across the network.
############################################################################
[httpServerListener:127.0.0.1:8090]
ssl = false


############################################################################
# Set modinput facing exec queue to 16MB.
############################################################################
[queue=execProcessorInternalQ]
maxSize = 16384KB
Inital Commit 5 months ago			`# Version 9.2.2.20240415`
			`#`
			`# This file contains an example server.conf. Use this file to configure SSL`
			`# and HTTP server options.`
			`#`
			`# To use one or more of these configurations, copy the configuration block`
			`# into server.conf in $SPLUNK_HOME/etc/system/local/. You must restart`
			`# Splunk to enable configurations.`
			`#`
			`# To learn more about configuration files (including precedence) please see`
			`# the documentation located at`
			`# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles`

			`# Allow users 8 hours before they time out`
			`[general]`
			`sessionTimeout=8h`
			`pass4SymmKey = changeme`

			`# Listen on IPv6 in addition to IPv4...`
			`listenOnIPv6 = yes`
			`# ...but make all outgoing TCP connections on IPv4 exclusively`
			`connectUsingIpVersion = 4-only`

			`# Turn on SSL:`

			`[sslConfig]`
			`enableSplunkdSSL = true`
			`useClientSSLCompression = true`
			`serverCert = $SPLUNK_HOME/etc/auth/server.pem`
			`sslPassword = password`
			`sslRootCAPath = $SPLUNK_HOME/etc/auth/cacert.pem`
			`certCreateScript = genMyServerCert.sh`

			`[proxyConfig]`
			`http_proxy = http://proxy:80`
			`https_proxy = http://proxy:80`
			`proxy_rules = *`
			`no_proxy = localhost, 127.0.0.1, ::1`

			`######## SSO Example ########`
			`# This example trusts all logins from the splunk web server and localhost`
			`# Note that a proxy to the splunk web server should exist to enforce`
			`# authentication`
			`[general]`
			`trustedIP = 127.0.0.1`

			`####### Cascading Replication Example ######`
			`[cascading_replication]`
			`pass4SymmKey = someSecret`
			`max_replication_threads = auto`
			`max_replication_jobs = 5`
			`cascade_replication_plan_reap_interval = 1h`
			`cascade_replication_plan_age = 8h`
			`cascade_replication_plan_fanout = auto`
			`cascade_replication_plan_topology = size_balanced`
			`cascade_replication_plan_select_policy = random`


			`############################################################################`
			`# Set this node to be a cluster manager.`
			`############################################################################`


			`[clustering]`
			`mode = manager`
			`replication_factor = 3`
			`pass4SymmKey = someSecret`
			`search_factor = 2`


			`############################################################################`
			`# Set this node to be a peer to cluster manager "SplunkManager01" on port`
			`# 8089.`
			`############################################################################`

			`[clustering]`
			`mode = peer`
			`manager_uri = https://SplunkManager01.example.com:8089`
			`pass4SymmKey = someSecret`

			`############################################################################`
			`# Set this node to be a searchhead to cluster manager "SplunkManager01" on`
			`# port 8089.`
			`############################################################################`
			`[clustering]`
			`mode = searchhead`
			`manager_uri = https://SplunkManager01.example.com:8089`
			`pass4SymmKey = someSecret`

			`############################################################################`
			`# Set this node to be a searchhead to multiple cluster managers -`
			`# "SplunkManager01" with pass4SymmKey set to 'someSecret and "SplunkManager02"`
			`# with no pass4SymmKey set here.`
			`############################################################################`
			`[clustering]`
			`mode = searchhead`
			`manager_uri = clustermanager:east, clustermanager:west`

			`[clustermanager:east]`
			`manager_uri = https://SplunkManager01.example.com:8089`
			`pass4SymmKey=someSecret`

			`[clustermanager:west]`
			`manager_uri = https://SplunkManager02.example.com:8089`

			`############################################################################`
			`# Configuration file change tracker`
			`# To enable the feature, set 'disabled=false'.`
			`# Set 'mode=auto' to include all available features.`
			`###############################################################################`
			`[config_change_tracker]`
			`disabled = false`
			`mode = auto`
			`denylist=peer-apps\|savedsearches\.conf$`
			`exclude_fields = server.conf:general:pass4SymmKey, authentication.conf:authentication:*`

			`############################################################################`
			`# Open an additional non-SSL HTTP REST port, bound to the localhost`
			`# interface (and therefore not accessible from outside the machine) Local`
			`# REST clients like the CLI can use this to avoid SSL overhead when not`
			`# sending data across the network.`
			`############################################################################`
			`[httpServerListener:127.0.0.1:8090]`
			`ssl = false`


			`############################################################################`
			`# Set modinput facing exec queue to 16MB.`
			`############################################################################`
			`[queue=execProcessorInternalQ]`
			`maxSize = 16384KB`