Update getting-started-runtime-configuration.md #2419
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A lot of changes, with likely more to go. Take a look and let me know if you have comments, suggestions, etc., and I will do another edit.
…onnect-for-syslog into jenworthington-patch-6-1
|
@jenworthington please pull my latest changes, it's been quite a lot of them exceeding this single document, because much of it's content was duplicating other articles. Anyway, ready for your final pass |
|
Also see rendered docs from this PR (2419) here: https://splunk.github.io/splunk-connect-for-syslog/2419/configuration/#log-path-overrides-of-index-or-metadata |
|
Let's walk through how I pull your changes in the meeting tomorrow? |
| @@ -1,4 +1,5 @@ | |||
| # Quickstart Guide | |||
| This guide will enable you to quickly implement basic changes to your Splunk instance and set up a simple SC4S installation. It's a great starting point for working with SC4S and establishing a minimal operational solution. The same steps are thoroughly described in the [Splunk Setup](getting-started-splunk-setup.md) and [Runtime configuration](getting-started-runtime-configuration.md) sections. | |||
There was a problem hiding this comment.
@jenworthington can you take a look at this change that I added?
| match this, edit `/etc/sysctl.conf` using the following whole-byte values corresponding to 16 MB: | ||
| ## Step 1: Configure your OS to work with SC4S | ||
| ### Tune your receiver buffer | ||
| The host Linux OS receiver buffer size must be tuned to match the SC4S default. This helps to avoid event dropping at the network level. |
There was a problem hiding this comment.
Suggested change
| The host Linux OS receiver buffer size must be tuned to match the SC4S default. This helps to avoid event dropping at the network level. | |
| The host Linux OS receive buffer size must be tuned to match the SC4S default. This helps to avoid event dropping at the network level. |
| ## Step 1: Configure your OS to work with SC4S | ||
| ### Tune your receiver buffer | ||
| The host Linux OS receiver buffer size must be tuned to match the SC4S default. This helps to avoid event dropping at the network level. | ||
| The default receiver buffer for SC4S is 16 MB for UDP traffic, which should be acceptable for most environments. To set the host OS kernel to |
There was a problem hiding this comment.
Suggested change
| The default receiver buffer for SC4S is 16 MB for UDP traffic, which should be acceptable for most environments. To set the host OS kernel to | |
| The default receive buffer for SC4S is 16 MB for UDP traffic, which should be acceptable for most environments. To set the host OS kernel to |
| The default receive buffer for sc4s is set to 16 MB for UDP traffic, which should be OK for most environments. To set the host OS kernel to | ||
| match this, edit `/etc/sysctl.conf` using the following whole-byte values corresponding to 16 MB: | ||
| ## Step 1: Configure your OS to work with SC4S | ||
| ### Tune your receiver buffer |
There was a problem hiding this comment.
Suggested change
| ### Tune your receiver buffer | |
| ### Tune your receive buffer |
| ## IPv4 Forwarding | ||
| 3. To verify that the kernel does not drop packets, periodically monitor the buffer using the command | ||
| `netstat -su | grep "receive errors"`. Failure to tune the kernel for high-volume traffic results in message loss, which can be | ||
| unpredictable and difficult to detect. The default values for receiver kernel buffers in most distributions is 2 MB, |
There was a problem hiding this comment.
Suggested change
| unpredictable and difficult to detect. The default values for receiver kernel buffers in most distributions is 2 MB, | |
| unpredictable and difficult to detect. The default values for receive kernel buffers in most distributions is 2 MB, |
|
@jenworthington ready for the final pass |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A lot of changes, with likely more to go. Take a look and let me know if you have comments, suggestions, etc., and I will do another edit.