Configuring Forwarder and Search Head apps (distributed deployment)

In the distributed deployment scheme, you must configure Forwarder App on the basis of the organization of your distributed Splunk environment. For example, the configuration changes may include changing the Feed Service address used by the apps, or adding new event sources for Forwarder App. For Search Head App, you may have to configure the email addresses for alerts.

Configuration actions for Forwarder App and Search Head App

For Forwarder App, you may have to do the following:

- Change the address and port for forwarding events to Feed Service. See subsection "Changing the address and port for forwarding data to Feed Service" below.
- Configure Forwarder App to send events to the Indexer (or multiple Indexers). By default, events that are sent from Forwarder App to Feed Service are not registered in the indexes. See subsection "Configuring Forwarder App to send events to indexes" below.
- If several Forwarder Apps are used, only one Forwarder App must receive events from Kaspersky CyberTrace at port 9998. For all other Forwarder Apps, disable this rule by specifying true in the disabled parameter for this rule in the Forwarder App configuration file. The IP address and port of the Forwarder App that will receive events from Kaspersky CyberTrace must be specified on the Settings > Service tab in Kaspersky CyberTrace Web.
- See subsection "Adding new event sources" below.

For Search Head App, you may have to do the following:

- Add email addresses to alert templates.

Edit only those Forwarder App and Search Head App configuration files that are described in this section. Editing other configuration files may result in unpredictable behavior.

Restart Splunk after you make changes to the configuration files.

Configuration files (distributed deployment)

The following table summarizes configuration files used by Forwarder App and Search Head App in the following distributed deployment scheme variants:

Configuration files of Forwarder App and Search Head App

Receives data from sources at port 3000 and forwards it as configured in nf.

Receives events from Kaspersky CyberTrace at :9998 port.

Forwards data to 127.0.0.1:9999 (Feed Service address).