server.conf
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
server.conf
The following are the spec and example files for server.conf.
server.conf.spec
# Copyright (C) 2005-2010 Splunk Inc. All Rights Reserved. Version 4.0
#
# This file contains possible attributes and values you can use to configure SSL and HTTP server options
# in server.conf.
#
# There is a server.conf in $SPLUNK_HOME/etc/system/default/. To set custom configurations,
# place a server.conf in $SPLUNK_HOME/etc/system/local/. For examples, see server.conf.example.
# You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the documentation
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles
# This file contains options for controlling the server configuration
# The only options currently available is controlling the SSL
# configuration of the server.
##########################################################################################
# General Server Configuration
##########################################################################################
[general]
serverName = <ascii string>
* The name used to identify this Splunk instance for features such as distributed search.
* Defaults to <hostname>-<user running splunk>.
sessionTimeout = <time range string>
* The amount of time before a user session times out, expressed as a search-like time range
* Examples include '24h' (24 hours), '3d' (3 days), '7200s' (7200 seconds, or two hours)
* Defaults to '1h' (1 hour)
##########################################################################################
# SSL Configuration details
##########################################################################################
[sslConfig]
* Set SSL for communications on Splunk's back-end under this stanza name.
* NOTE: To set SSL (eg HTTPS) for Splunk Web and the browser, use web.conf.
* Follow this stanza name with any number of the following attribute/value pairs.
* If you do not specify an entry for each attribute, Splunk will use the default value.
enableSplunkdSSL = <true | false>
* Enables/disables SSL on the splunkd management port (8089).
* Defaults to true.
useClientSSLCompression = <true | false>
* Turns on HTTP client compression.
* Server-side compression is turned on by default; setting this on the client side enables
compression between server and client.
* Enabling this potentially gives you much faster distributed searches across multiple
Splunk instances.
* Defaults to true.
supportSSLV3Only = <true|false>
* If true, tells the HTTP server to only accept connections
* from SSLv3 clients.
* Default is false.
sslVerifyServerCert = <true|false>
* Used by distributed search: When making a search request to another
server in the search cluster.
* Used by distributed deployment clients: When polling a deployment
server.
* If true, make sure that the server that is being connected to
is a valid one (authenticated). Both the common name and the alternate name
of the server are then checked for a match if they are specified in this
configuration file.
* Default is false
sslCommonNameToCheck = <commonName>
* The common name to check when 'sslVerifyServerCert' is set to true
* Optional. Defaults to no common name checking.
sslAltNameToCheck = <alternateName>
* The alternate name to check when 'sslVerifyServerCert' is set to true
* Optional. Defaults to no alternate name checking
requireClientCert = <true|false>
* Requires that any HTTPS client that connects to splunkds internal HTTPS server
has a certificate that was signed by our certificate authority.
* Used by distributed search: Splunk indexing instances must be authenticated
to connect to another splunk indexing instance.
* Used by distributed deployment: The deployment server requires that
deployment clients are authenticated before allowing them to poll for new
configurations/applications.
* If true, a client can connect ONLY if a certificate created by our
certificate authority was used on that client.
* Default is false
cipherSuite = <cipher suite string>
* If set, uses the specified cipher string for the HTTP server.
If not set, uses the default cipher string
provided by OpenSSL. This is used to ensure that the server does not
accept connections using weak encryption protocols.
sslKeysfile = <filename>
* Server certificate file.
* Certificates are auto-generated by splunkd upon starting Splunk.
* You may replace the default cert with your own PEM format file.
* Certs are stored in caPath (see below).
* Default is server.pem.
sslKeysfilePassword = <password>
* Server certificate password.
* Default is password.
caCertFile = <filename>
* Public key of the signing authority.
* Default is cacert.pem.
caPath = <path>
* path where all these certs are stored.
* Default is $SPLUNK_HOME/etc/auth.
certCreateScript = <script name>
* Creation script for generating certs on startup
of Splunk.
* Default is genSignedServerCert.sh
##########################################################################################
# Splunkd HTTP server configuration
##########################################################################################
[httpServer]
* Set stand-alone HTTP settings for Splunk under this stanza name.
* Follow this stanza name with any number of the following attribute/value pairs.
* If you do not specify an entry for each attribute, Splunk uses the default value.
atomFeedStylesheet = <string>
* Defines the stylesheet relative URL to apply to default Atom feeds.
* Set to 'none' to stop writing out xsl-stylesheet directive.
* Defaults to /static/atom.xsl.
max-age = <int>
* Set the maximum time (in seconds) to cache a static asset served off of the '/static' directory.
* This value is passed along in the 'Cache-Control' HTTP header.
* Defaults to 3600.
follow-symlinks = <true|false>
* Toggle whether static file handler (serving the '/static' directory) follow filesystem
symlinks when serving files.
* Defaults to false.
disableDefaultPort = <true|false>
* If true, turns off listening on the splunkd management port (8089 by default)
* Default value is 'false'.
##########################################################################################
# Splunkd HTTPServer listner configuration
#########################################################################################
[httpServerListener:<ip>:<port>]
* Enable the splunkd http server to listen on a network interface (NIC) specified by
<ip> and a port number specified by <port>. If you leave <ip> blank (but still include the ':'),
splunkd will listen on the kernel picked NIC using port <port>.
ssl = <true|false>
* Toggle whether this listening ip:port will use SSL or not.
* Default value is 'true'.
##########################################################################################
# Static file handler MIME-type map
[mimetype-extension-map]
* Map filename extensions to MIME type for files served from the static file handler under
this stanza name.
<file-extension> = <MIME-type>
* Instructs the HTTP static file server to mark any files ending in 'file-exension'
with a header of 'Content-Type: <MIME-type>'.
* Defaults to:
[mimetype-extension-map]
gif = image/gif
htm = text/html
jpg = image/jpg
png = image/png
txt = text/plain
xml = text/xml
xsl = text/xml
##########################################################################################
# Remote applications configuration (e.g. SplunkBase)
##########################################################################################
[applicationsManagement]
* Set remote applications settings for Splunk under this stanza name.
* Follow this stanza name with any number of the following attribute/value pairs.
* If you do not specify an entry for each attribute, Splunk uses the default value.
url = <URL>
* Applications repository.
* Defaults to http://www.splunkbase.com/api/apps
loginUrl = <URL>
* Applications repository login.
* Defaults to http://www.splunkbase.com/api/account:login/
useragent = <splunk-version>-<splunk-build-num>-<platform>
* User-agent string to use when contacting applications repository.
* <platform> includes information like operating system and CPU architecture.
##########################################################################################
# Misc. configuration
##########################################################################################
[scripts]
initialNumberOfScriptProcesses = N
* N is the number of pre-forked script processes that are launched
when the system comes up. These scripts are reused when script REST endpoints *and*
search scripts are executed. The idea is to eliminate the performance
overhead of launching the script interpreter every time it is invoked. These
processes are put in a pool. If the pool is completely busy when a script gets
invoked, a new processes is fired up to handle the new invocation - but it
disappears when that invocation is finished.
##########################################################################################
# Disk usage settings (for the indexer, not for Splunk log files)
##########################################################################################
[diskUsage]
minFreeSpace = <num>
* The diskusage processor prevents Splunk from adding data to the index once
the minimum diskspace allowed is reached.
* The default setting is 2000 megabytes.
pollingFrequency = <num>
* The default polling frequency is every 100000 events.
##########################################################################################
# Queue settings
##########################################################################################
[queue=<queueName>]
maxSize = <num>
* The maximum number of pipeline data that queue can hold
* The default is 1000
# PubSub server settings for the http endpoint.
##########################################################################################
[pubsubsvr-http]
disabled=<true or false>
* If disabled, then http endpoint is not registered. Set this value to 'false' to
expose PubSub server on http.
* Defaults to 'true'
stateIntervalInSecs=300
* How many seconds before a connection is flushed due to inactivity. Connectsions are not
closed, only messages for that connection are flushed.
* Defaults to 300 seconds/5 minutes.
server.conf.example
# Copyright (C) 2005-2010 Splunk Inc. All Rights Reserved. Version 4.0 # # This file contains an example server.conf. Use this file to configure SSL and HTTP server options. # # To use one or more of these configurations, copy the configuration block into # server.conf in $SPLUNK_HOME/etc/system/local/. You must restart Splunk to enable configurations. # # To learn more about configuration files (including precedence) please see the documentation # located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles # Allow users 8 hours before they time out [general] sessionTimeout=8h # Turn on SSL: [sslConfig] enableSplunkdSSL = true useClientSSLCompression = true sslKeysfile = server.pem sslKeysfilePassword = password caCertFile = cacert.pem caPath = $$SPLUNK_HOME/etc/auth certCreateScript = genSignedServerCert.sh
This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.