Splunk HTTP Event Collector (HEC)

Whether or not to remove channels after idling for max_idle_time seconds.

A channel is idling if it is not used for sending data or querying acknowledgement statuses.

The amount of time, in seconds, a channel is allowed to idle before removal.

Channels can potentially idle for longer than this setting but clients should not rely on such behavior.

Minimum of 1.

The maximum number of Splunk HEC channels clients can use with this source.

Minimum of 1.

The maximum number of acknowledgement statuses pending query across all channels.

Equivalent to the max_number_of_acked_requests_pending_query Splunk HEC setting.

Minimum of 1.

The maximum number of acknowledgement statuses pending query for a single channel.

Equivalent to the max_number_of_acked_requests_pending_query_per_ack_channel Splunk HEC setting.

Minimum of 1.

The factor by which to jitter the max_connection_age_secs value.

A value of 0.1 means that the actual duration will be between 90% and 110% of the specified maximum duration.

The maximum amount of time a connection may exist before it is closed by sending a Connection: close header on the HTTP response. Set this to a large value like 100000000 to “disable” this feature

Only applies to HTTP/0.9, HTTP/1.0, and HTTP/1.1 requests.

A random jitter configured by max_connection_age_jitter_factor is added to the specified duration to spread out connection storms.

Sets the list of supported ALPN protocols.

Declare the supported ALPN protocols, which are used during negotiation with a peer. They are prioritized in the order that they are defined.

Absolute path to an additional CA certificate file.

The certificate must be in the DER or PEM (X.509) format. Additionally, the certificate can be provided as an inline string in PEM format.

Absolute path to a certificate file used to identify this server.

The certificate must be in DER, PEM (X.509), or PKCS#12 format. Additionally, the certificate can be provided as an inline string in PEM format.

If this is set and is not a PKCS#12 archive, key_file must also be set.

Whether or not to require TLS for incoming or outgoing connections.

When enabled and used for incoming connections, an identity certificate is also required. See tls.crt_file for more information.

Absolute path to a private key file used to identify this server.

The key must be in DER or PEM (PKCS#8) format. Additionally, the key can be provided as an inline string in PEM format.

Passphrase used to unlock the encrypted key file.

This has no effect unless key_file is set.

Server name to use when using Server Name Indication (SNI).

Only relevant for outgoing connections.

Enables certificate verification. For components that create a server, this requires that the client connections have a valid client certificate. For components that initiate requests, this validates that the upstream has a valid certificate.

If enabled, certificates must not be expired and must be issued by a trusted issuer. This verification operates in a hierarchical manner, checking that the leaf certificate (the certificate presented by the client/server) is not only valid, but that the issuer of that certificate is also valid, and so on, until the verification process reaches a root certificate.

Do NOT set this to false unless you understand the risks of not verifying the validity of certificates.

Enables hostname verification.

If enabled, the hostname used to connect to the remote host must be present in the TLS certificate presented by the remote host, either as the Common Name or as an entry in the Subject Alternative Name extension.

Only relevant for outgoing connections.

Do NOT set this to false unless you understand the risks of not verifying the remote hostname.