Configure shared Edge Processor settings

The Edge Processor service supports several configuration settings that apply to all Edge Processors that are part of the same cloud tenant. These settings determine behavior such as which port your Edge Processors uses to listen for incoming data, and the amount of computing resources that an Edge Processor can use before warnings are raised.

Your updated settings are applied to all current Edge Processors after selecting Save. Additionally, your updated settings are used by default for any new Edge Processors that you set up afterwards.

1. Select Edge Processors, and then select Shared settings.
2. To specify the amount of computing resources that an Edge Processor can use before it enters a Warning state due to high resource usage, do the following:
1. Select the Other settings tab, then select Edit.
2. Configure the following settings:

   Field	Description
   CPU threshold	The percentage of the total allocated CPU processing power that an Edge Processor can use before a warning is raised
   Memory threshold	The percentage of the total allocated memory that an Edge Processor can use before a warning is raised

3. Select Save. For other shared settings, select the Receiver settings tab.
3. To specify how Edge Processors receive data from universal and heavy forwarders, do the following:
1. In the Splunk forwarders section, select Edit.
2. Configure the following:

   Field	Description
   Port	The number of the TCP port used to receive data from forwarders
   Maximum channels	The number of channels an Edge Processor can use to receive data from forwarders

3. Select Save.
4. To specify the port that Edge Processors use to receive data from HTTP clients and logging agents through HTTP Event Collector (HEC), in the HTTP Event Collector section, do the following:
1. In the Port settings area, select Edit.
2. Enter your desired port number in the Port field and then select Save.
5. To secure the HEC receiver in your Edge Processors by requiring incoming HTTP requests to be authenticated using a HEC token, do the following:
1. In the Token authentication section, select Edit.
2. Turn on Token authentication.
3. In the HEC tokens field, enter one or more tokens separated by commas, then select Add.
4. Select Save.

When token authentication is turned on, data sources can only send data to the Edge Processor through HEC if the HTTP request includes a matching HEC token. See the following for more information:

• Get data into an Edge Processor using HTTP Event Collector
• How the Splunk platform uses HTTP Event Collector tokens to get data in in the Splunk Enterprise Getting Data In manual
6. To specify the port that Edge Processors use to receive data from syslog data sources, do the following:
1. In the Syslog section, select New Port.
2. Configure the following:

   Field	Description
   Port	The number of the TCP or UDP port used to receive data from forwarders
   Source type	The metadata assigned to incoming syslog data to allow pipeline processing
   RFC protocol	The standard that defines the format of your syslog data

3. Select Save.
7. If you changed any of the Port settings, make sure to update the configurations of your data sources to account for the updated port number. Review and update these configurations as needed:

   Type of data source	Configuration instructions
   Splunk forwarders	In the outputs.conf file, make sure that the server property specifies the correct port number.
   HTTP clients or logging agents using HTTP Event Collector (HEC)	Make sure that the HTTP requests for sending data to the Edge Processor are directed to the correct port number. If your HTTP requests are directed to a load balancer, make sure that the load balancer is configured to pass the requests to the correct port number.
   Syslog devices	Make sure that the syslog requests for sending data to the Edge Processor are directed to the correct port number.