I've enabled indexer discovery on my 6.3.1 Linux universal forwarders.
http://docs.splunk.com/Documentation/Splunk/6.3.1/Indexer/indexerdiscovery
3. Configure the forwarders
a. Configure the forwarders to use indexer discovery
On each forwarder, add these settings to the outputs.conf file:
[indexer_discovery:]
pass4SymmKey =
master_uri =
[tcpout:]
indexerDiscovery =
I have noticed that the pass4SymmKey is not being encrypted when the server first starts after it's been added.
Is this by design or is it a flaw?
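Added example, not part of the original post or of Splunk's own tooling: a small audit check that reports which stanzas of an outputs.conf still hold `pass4SymmKey` in cleartext. It assumes that values Splunk has encrypted begin with `$1$` or `$7$`; the function name and the sample file contents are constructed for illustration.

```python
import re

# Assumption: values Splunk has encrypted with splunk.secret start with
# "$1$" (older releases) or "$7$" (newer releases); anything else is cleartext.
ENCRYPTED_PREFIXES = ("$1$", "$7$")
STANZA_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*$")
SETTING_RE = re.compile(r"^(?P<key>[A-Za-z0-9_.\-]+)\s*=\s*(?P<value>.*)$")


def find_cleartext_keys(conf_text, setting="pass4SymmKey"):
    """Return (line_no, stanza) for each `setting` stored in cleartext."""
    findings = []
    stanza = "default"  # settings before any header belong to [default]
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA_RE.match(line)
        if m:
            stanza = m.group("name")
            continue
        m = SETTING_RE.match(line)
        if not m or m.group("key") != setting:
            continue
        value = m.group("value").strip()
        # An empty value is an unset key, not a leaked secret.
        if value and not value.startswith(ENCRYPTED_PREFIXES):
            findings.append((line_no, stanza))
    return findings


# Constructed sample: stanza names, URIs and key values are made up.
SAMPLE_OUTPUTS_CONF = """\
[indexer_discovery:cluster1]
pass4SymmKey = example-shared-secret
master_uri = https://master.example.invalid:8089

[indexer_discovery:cluster2]
pass4SymmKey = $1$Q29uc3RydWN0ZWQ=
master_uri = https://master2.example.invalid:8089

[tcpout:group1]
indexerDiscovery = cluster1
"""

if __name__ == "__main__":
    for line_no, stanza in find_cleartext_keys(SAMPLE_OUTPUTS_CONF):
        # Report the location only; never echo the secret itself.
        print(f"line {line_no}: [{stanza}] pass4SymmKey is stored in cleartext")
```

Feeding the function the forwarder's outputs.conf contents before and after a restart shows whether the stored value was rewritten.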