Manage to global tcpout properties.
resource "splunk_outputs_tcp_default" "tcp_default" {
name = "tcpout"
disabled = false
default_group = "test-indexers"
drop_events_on_queue_full = 60
index_and_forward = true
send_cooked_data = true
max_queue_size = "100KB"
}
For latest resource argument reference: https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESToutput#data.2Foutputs.2Ftcp.2Fdefault
This resource block supports the following arguments:
name
- (Required) Configuration to be edited. The only valid value is "tcpout".default_group
- (Optional) Comma-separated list of one or more target group names, specified later in [tcpout:disabled
- (Optional) Disables default tcpout settingsdrop_events_on_queue_full
- (Optional) If set to a positive number, wait the specified number of seconds before throwing out all new events until the output queue has space. Defaults to -1 (do not drop events).
heartbeat_frequency
- (Optional) How often (in seconds) to send a heartbeat packet to the receiving server.
Heartbeats are only sent if sendCookedData=true. Defaults to 30 seconds.index_and_forward
- (Optional) Specifies whether to index all data locally, in addition to forwarding it. Defaults to false.
This is known as an "index-and-forward" configuration. This attribute is only available for heavy forwarders. It is available only at the top level [tcpout] stanza in outputs.conf. It cannot be overridden in a target group.max_queue_size
- (Optional) Specify an integer or integer[KB|MB|GB].
send_cooked_data
- (Optional) If true, events are cooked (processed by Splunk software). If false, events are raw and untouched prior to sending. Defaults to true.
Set to false if you are sending to a third-party system.acl
- (Optional) The app/user context that is the namespace for the resourceIn addition to all arguments above, This resource block exports the following arguments:
id
- The ID of the http event collector resource