Splunk
After the Splunk connection is set up in EPM-L, events are collected and can be viewed using the unified search feature.
Settings
siemcreddb
The name of the database file in which the Splunk credentials will be stored. The default is
/opt/pbul/dbs/pbsiemcred.db
siemcafile
The name of the optional Certificate Authority file used to initiate a secure HTTPS connection to the Splunk Enterprise or Cloud instance. There is no default value.
siemcertfile
The name of the optional certificate file used in a secure HTTPS connection. There is no default value.
siemkeyfile
The name of the optional key file used in a secure HTTPS connection. There is also no default value.
siemdeliverytimeout
This is used to specify the CURLOPT_TIMEOUT value, in seconds, associated with a libcurl-based connection to a Splunk instance. The default is 30.
sieminstances
One or more IDs to which events and IO logs will be delivered:
sieminstances cloud
siemdatatypes
Specify eventlog, iolog or both:
siemdatatypes eventlog iolog
siemoptions
Specify the bulk insert options batchsize and usebulkapi, e.g.,
siemoptions batchsize=10 usebulkapi
usebulkapi, if present, forwards multiple records in a single send when retrying records that the message router failed to transfer initially. batchsize (default 10) sets how many records are included in each such send and only takes effect when usebulkapi is specified. siemoptions is not set by default.
siemiologfieldsizekb
Used to specify, in kilobytes, the amount of IO log data to send within a single part, via the IO log part mechanism for sending large IO logs in multiple parts to a destination. The default is 1024, and the range is from 8 to 65536.
siemiologfieldsizekb 1024
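The settings above are easy to get subtly wrong (a misspelled keyword, a value outside the documented range, batchsize given without usebulkapi, or a private key or credential database left group-readable). The following linter is an added example, not BeyondTrust code: it parses the one-keyword-per-line "keyword value ..." layout used by the examples on this page, applies only the constraints the page states, and additionally checks on-disk permissions of siemkeyfile and siemcreddb. The settings path /etc/pb.settings, the certificate/key pairing check and the sample settings text are assumptions constructed for the demonstration.

```python
"""Lint the Splunk (siem*) keywords of an EPM-L settings file.

Added example, not BeyondTrust code. Assumes the "keyword value ..." line
layout shown on this page; the settings path, the cert/key pairing rule and
the sample text below are constructed assumptions.
"""
import os
import stat
from typing import Callable, Dict, List, Optional

KNOWN_KEYS = {
    "siemcreddb", "siemcafile", "siemcertfile", "siemkeyfile",
    "siemdeliverytimeout", "sieminstances", "siemdatatypes",
    "siemoptions", "siemiologfieldsizekb",
}
VALID_DATATYPES = {"eventlog", "iolog"}          # from the page
IOLOG_KB_MIN, IOLOG_KB_MAX = 8, 65536           # from the page
DEFAULT_CREDDB = "/opt/pbul/dbs/pbsiemcred.db"  # default stated on the page
DEFAULT_SETTINGS_PATH = "/etc/pb.settings"      # assumed location

# Constructed sample; the misspelled keyword on the last-but-one line is deliberate.
SAMPLE_SETTINGS = """\
siemcreddb /opt/pbul/dbs/pbsiemcred.db
siemcafile /etc/pb/splunk-ca.pem
siemcertfile /etc/pb/splunk-client.pem
siemkeyfile /etc/pb/splunk-client.key
siemdeliverytimeout 30
sieminstances cloud
siemdatatypes eventlog iolog
siemdoptions batchsize=10 usebulkapi
siemiologfieldsizekb 1024
"""


def parse_settings(text: str) -> Dict[str, List[str]]:
    """Map each keyword to its whitespace-separated values; '#' starts a comment."""
    parsed: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, *values = line.split()
            parsed[key] = values
    return parsed


def _positive_int(value: str) -> Optional[int]:
    return int(value) if value.isdigit() and int(value) > 0 else None


def _disk_mode(path: str) -> Optional[int]:
    """File mode bits, or None when the file does not exist."""
    try:
        return os.stat(path).st_mode
    except FileNotFoundError:
        return None


def lint_splunk_settings(settings: Dict[str, List[str]],
                         mode_of: Optional[Callable[[str], Optional[int]]] = None) -> List[str]:
    """Return a list of problems; an empty list means the siem* block is consistent."""
    mode_of = mode_of or _disk_mode
    problems: List[str] = []

    for key in settings:
        if key.startswith("siem") and key not in KNOWN_KEYS:
            problems.append(f"unknown keyword {key!r} (misspelling?)")

    if "siemdatatypes" in settings:
        types = settings["siemdatatypes"]
        if not types:
            problems.append("siemdatatypes needs eventlog, iolog or both")
        problems += [f"siemdatatypes: {t!r} is not eventlog or iolog" for t in types if t not in VALID_DATATYPES]

    if "sieminstances" in settings and not settings["sieminstances"]:
        problems.append("sieminstances must list at least one instance ID")

    if "siemdeliverytimeout" in settings:
        vals = settings["siemdeliverytimeout"]
        if len(vals) != 1 or _positive_int(vals[0]) is None:
            problems.append("siemdeliverytimeout must be a single positive number of seconds")

    if "siemiologfieldsizekb" in settings:
        vals = settings["siemiologfieldsizekb"]
        n = _positive_int(vals[0]) if len(vals) == 1 else None
        if n is None or not IOLOG_KB_MIN <= n <= IOLOG_KB_MAX:
            problems.append(f"siemiologfieldsizekb must be between {IOLOG_KB_MIN} and {IOLOG_KB_MAX}")

    opts = settings.get("siemoptions", [])
    for opt in opts:
        if opt == "usebulkapi":
            continue
        if opt.startswith("batchsize="):
            if _positive_int(opt[len("batchsize="):]) is None:
                problems.append(f"siemoptions: {opt!r} needs a positive integer")
            elif "usebulkapi" not in opts:
                problems.append("siemoptions: batchsize only takes effect together with usebulkapi")
        else:
            problems.append(f"siemoptions: unrecognised option {opt!r}")

    # Assumption: a client certificate is only useful together with its key.
    if bool(settings.get("siemcertfile")) != bool(settings.get("siemkeyfile")):
        problems.append("siemcertfile and siemkeyfile should be set together")

    # Secrets on disk: the TLS private key and the Splunk credential database.
    for label, path in (("siemkeyfile", (settings.get("siemkeyfile") or [None])[0]),
                        ("siemcreddb", (settings.get("siemcreddb") or [DEFAULT_CREDDB])[0])):
        if path is None:
            continue
        mode = mode_of(path)
        if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{label} {path} is group/world accessible; restrict it to the owner")
    return problems


if __name__ == "__main__":
    for problem in lint_splunk_settings(parse_settings(SAMPLE_SETTINGS)):
        print(problem)
```

Run against the constructed sample it reports the misspelled siemdoptions keyword; point it at the real settings file (read the text from DEFAULT_SETTINGS_PATH) and the permission checks use the actual file modes on the host.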