/
conf.yaml.example
90 lines (70 loc) · 3.35 KB
/
conf.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
init_config:
# time before a HTTP request times out
default_request_timeout_seconds: 10
# a search on a saved search does not immediately return results, one has to retry until data is received,
# search_max_retry_count specifies the number of retries in which it expects results to be available.
# Between each retry some time is waited before retrying, specified by search_seconds_between_retries.
default_search_max_retry_count: 10
default_search_seconds_between_retries: 1
# The number of saved searches to dispatch and await for results simultaneously.
default_saved_searches_parallel: 3
# How many results should we request per request to splunk
default_batch_size: 1000
# verify ssl certificate of the connection to Splunk
default_verify_ssl_certificate: false
# the Splunk app in where the saved searches are located
default_app: "search"
# default parameters for the Splunk saved search query, these parameters make sure the query refreshes.
default_parameters:
force_dispatch: true
dispatch.now: true
# Currently it is not possible to specify multiple instances with the same url.
# It is possible to specify multiple saved_searches on a single instance.
instances:
- url: "https://localhost:8089"
# Interval when running saved searches
collection_interval: 120
# username: "admin" ## deprecated; use basic_auth.username under authentication section
# password: "admin" ## deprecated; use basic_auth.password under authentication section
# verify_ssl_certificate: false
## Integration supports either basic authentication or token based authentication.
## Token based authentication is preferred before basic authentication.
authentication:
basic_auth:
username: "admin"
password: "admin"
# token_auth:
## Token for the user who will be using it
# name: "api-user"
## The initial valid token which will be exchanged with new generated token as soon as the check starts
## first time and in case of restart, this token will not be used anymore
# initial_token: "my-initial-token-hash"
## JWT audience used for purpose of token
# audience: "search"
## When a token is about to expire, a new token is requested from Splunk. The validity of the newly requested
## token is requested to be `token_expiration_days` days. After `renewal_days` days the token will be renewed
## for another `token_expiration_days` days.
# token_expiration_days: 90
## the number of days before when token should refresh, by default it's 10 days.
# renewal_days: 10
# Determine whether to produce topology in snapshots, defaults to true
# snapshot: true
# saved_searches_parallel: 5
# make the agent less strict and allow for saved searches to be failing or missing
ignore_saved_search_errors: true
saved_searches:
- name: "health"
# Wilcard match to find component queries, can be used instead of name
# match: "comp.*"
# app: "search"
# request_timeout_seconds: 10
# search_max_retry_count: 5
# search_seconds_between_retries: 1
# batch_size: 1000
# parameters:
# force_dispatch: true
# dispatch.now: true
# Used when reporting errors
# tags:
# - optional_tag1
# - optional_tag2