The Edge Processor service supports several configuration settings that apply to all Edge Processors that are part of the same cloud tenant. These settings determine behavior such as which port your Edge Processors uses to listen for incoming data, and the amount of computing resources that an Edge Processor can use before warnings are raised.
Your updated settings are applied to all current Edge Processors after selecting Save. Additionally, your updated settings are used by default for any new Edge Processors that you set up afterwards.
- Select Edge Processors, and then select Shared settings.
- To specify the amount of computing resources that an Edge Processor can use before it enters a Warning state due to high resource usage, do the following:
- Select the Other settings tab, then select Edit.
- Configure the following settings:
Field Description CPU threshold The percentage of the total allocated CPU processing power that an Edge Processor can use before a warning is raised Memory threshold The percentage of the total allocated memory that an Edge Processor can use before a warning is raised - Select Save. For other shared settings, select the Receiver settings tab.
- To specify how Edge Processors receive data from universal and heavy forwarders, do the following:
- In the Splunk forwarders section, select Edit.
- Configure the following:
Field Description Port The number of the TCP port used to receive data from forwarders Maximum channels The number of channels an Edge Processor can use to receive data from forwarders - Select Save.
- To specify the port that Edge Processors use to receive data from HTTP clients and logging agents through HTTP Event Collector (HEC), in the HTTP Event Collector section, do the following:
- In the Port settings area, select Edit.
- Enter your desired port number in the Port field and then select Save.
- To secure the HEC receiver in your Edge Processors by requiring incoming HTTP requests to be authenticated using a HEC token, do the following:
- In the Token authentication section, select Edit.
- Turn on Token authentication.
- In the HEC tokens field, enter one or more tokens separated by commas, then select Add.
- Select Save.
- Get data into an Edge Processor using HTTP Event Collector
- How the Splunk platform uses HTTP Event Collector tokens to get data in in the Splunk Enterprise Getting Data In manual
- To specify the port that Edge Processors use to receive data from syslog data sources, do the following:
- In the Syslog section, select New Port.
- Configure the following:
Field Description Port The number of the TCP or UDP port used to receive data from forwarders Source type The metadata assigned to incoming syslog data to allow pipeline processing RFC protocol The standard that defines the format of your syslog data - Select Save.
- If you changed any of the Port settings, make sure to update the configurations of your data sources to account for the updated port number. Review and update these configurations as needed:
Type of data source Configuration instructions Splunk forwarders In the outputs.conf file, make sure that the server
property specifies the correct port number.HTTP clients or logging agents using HTTP Event Collector (HEC) Make sure that the HTTP requests for sending data to the Edge Processor are directed to the correct port number.
If your HTTP requests are directed to a load balancer, make sure that the load balancer is configured to pass the requests to the correct port number.Syslog devices Make sure that the syslog requests for sending data to the Edge Processor are directed to the correct port number.
When token authentication is turned on, data sources can only send data to the Edge Processor through HEC if the HTTP request includes a matching HEC token. See the following for more information:
PREVIOUS Manage and uninstall Edge Processors |
NEXT Edge Processor pipeline syntax |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308 (latest FedRAMP release), 9.1.2312
Feedback submitted, thanks!