Dell PowerStore 3200T Using the Common Event Enabler 8.x on Linux Platforms - Page 11


<HttpPort>12228</HttpPort>
</Configuration>
</emc_cee_config>
c. For each Indexing vendor that you are using, edit the:
● EndPoint option with the software name (SplunkHEC), HTTPS address of the computer where the Splunk consumer application is installed, and port number of 8088. You can designate multiple HTTPS addresses by separating them with semicolons (;).
● SplunkHEC Index option with a user-defined name for the index. Only one index value is allowed.
● Host server option with the IP address of the computer where the Splunk consumer application is installed.
● token option with the GUID generated by Splunk Enterprise or Splunk Cloud application for the index.
NOTE: If the Splunk consumer application is installed on multiple computers, you must create multiple <Host server / token> lines, one for each computer.
Indexing configuration example:
This example shows a configuration file that is enabled for an Indexing configuration.
<emc_cee_config version="213.4.28.0">
  <CEPP>
    <Audit>
      <Configuration>
        <Enabled>0</Enabled>
        <EndPoint></EndPoint>
      </Configuration>
    </Audit>
    <CQM>
      <Configuration>
        <Enabled>0</Enabled>
        <EndPoint></EndPoint>
      </Configuration>
    </CQM>
    <VCAPS>
      <Configuration>
        <Enabled>0</Enabled>
        <EndPoint></EndPoint>
        <FeedInterval>60</FeedInterval>
        <MaxEventsPerFeed>100</MaxEventsPerFeed>
      </Configuration>
    </VCAPS>
    <Index>
      <Configuration>
        <Enabled>1</Enabled>
        <EndPoint>SplunkHEC@https://10.3.4.20:8088</EndPoint>
        <FeedInterval>60</FeedInterval>
        <MaxEventsPerFeed>100</MaxEventsPerFeed>
        <SplunkHEC>
          <Index>ceeindex</Index>
          <Host server="10.3.4.20" token="ab962c17-55dc-4516-b3f0-4xyza07bfb22"/>
        </SplunkHEC>
      </Configuration>
    </Index>
  </CEPP>
  <Configuration>
    <CacheSize>100</CacheSize>
    <Debug>0</Debug>
    <HeartBeatIntervalSecs>10</HeartBeatIntervalSecs>
    <InstrIntervalSecs>60</InstrIntervalSecs>
    <NumberOfThreads>20</NumberOfThreads>
    <Verbose>0</Verbose>
    <HttpPort>12228</HttpPort>
  </Configuration>
</emc_cee_config>
3. In the information source software that sends events to CEE, ensure that the HttpPort option is set to the default port number of 12228.
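The rules in step c (software name, HTTPS address, port 8088, a single index, one Host line per Splunk computer) and the HttpPort value can be checked mechanically. The linter below is an added example, not part of the Dell manual; `lint_index_config` is a hypothetical name. It assumes that multiple addresses follow a single `SplunkHEC@` prefix and that each Host server value equals the host part of an EndPoint address; the sample addresses and tokens are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample (not from the manual): two endpoints, one of them plain
# HTTP, but only one <Host> line. Addresses and tokens are placeholders.
WEAK = """<emc_cee_config><CEPP><Index><Configuration>
  <Enabled>1</Enabled>
  <EndPoint>SplunkHEC@https://10.3.4.20:8088;http://10.3.4.21:8088</EndPoint>
  <SplunkHEC>
    <Index>ceeindex</Index>
    <Host server="10.3.4.20" token="00000000-0000-0000-0000-000000000000"/>
  </SplunkHEC>
</Configuration></Index></CEPP>
<Configuration><HttpPort>12228</HttpPort></Configuration></emc_cee_config>"""

# Corrected form: HTTPS everywhere and one <Host> line per Splunk computer.
FIXED = WEAK.replace("http://10.3.4.21", "https://10.3.4.21").replace(
    "</SplunkHEC>",
    '<Host server="10.3.4.21" token="11111111-1111-1111-1111-111111111111"/></SplunkHEC>')

def lint_index_config(xml_text):
    """Return findings for the Index section, following the rules in step c."""
    root = ET.fromstring(xml_text)
    cfg = root.find("./CEPP/Index/Configuration")
    if cfg is None or cfg.findtext("Enabled", "").strip() != "1":
        return ["Index configuration is not enabled"]
    findings, endpoint_hosts = [], set()
    vendor, _, addrs = cfg.findtext("EndPoint", "").strip().partition("@")
    if vendor != "SplunkHEC":
        findings.append("EndPoint must start with the software name SplunkHEC")
    for addr in filter(None, (a.strip() for a in addrs.split(";"))):
        url = urlsplit(addr)
        if url.scheme != "https":
            findings.append(f"{addr}: endpoint must be an HTTPS address")
        if url.port != 8088:
            findings.append(f"{addr}: expected port 8088")
        endpoint_hosts.add(url.hostname or addr)
    hec = cfg.find("SplunkHEC")
    indexes = hec.findall("Index") if hec is not None else []
    if len(indexes) != 1 or not (indexes[0].text or "").strip():
        findings.append("exactly one SplunkHEC Index value is required")
    hosts = hec.findall("Host") if hec is not None else []
    tokens = {h.get("server"): h.get("token") for h in hosts}
    for host in sorted(endpoint_hosts - set(tokens)):
        findings.append(f"{host}: no <Host server/token> line")
    findings += [f"{s}: empty token" for s, t in tokens.items() if not t]
    if root.findtext("./Configuration/HttpPort", "").strip() != "12228":
        findings.append("HttpPort is not the default 12228")
    return findings
```

Because the token attribute holds the Splunk credential for the index, it is worth running a check like this wherever the file is reviewed, so that a token is never paired with a non-HTTPS endpoint.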
Configuring the Event Publishing Agent
11