Update getting-started-runtime-configuration.md #2419
A lot of changes, with likely more to go. Take a look and let me know if you have comments, suggestions, etc., and I will do another edit.
…onnect-for-syslog into jenworthington-patch-6-1
@jenworthington please pull my latest changes, it's been quite a lot of them exceeding this single document, because much of its content was duplicating other articles. Anyway, ready for your final pass.
Also see rendered docs from this PR (2419) here: https://splunk.github.io/splunk-connect-for-syslog/2419/configuration/#log-path-overrides-of-index-or-metadata
Let's walk through how I pull your changes in the meeting tomorrow?
@@ -1,4 +1,5 @@ | |||
# Quickstart Guide | |||
This guide will enable you to quickly implement basic changes to your Splunk instance and set up a simple SC4S installation. It's a great starting point for working with SC4S and establishing a minimal operational solution. The same steps are thoroughly described in the [Splunk Setup](getting-started-splunk-setup.md) and [Runtime configuration](getting-started-runtime-configuration.md) sections. |
@jenworthington can you take a look at this change that I added?
match this, edit `/etc/sysctl.conf` using the following whole-byte values corresponding to 16 MB: | ||
## Step 1: Configure your OS to work with SC4S | ||
### Tune your receiver buffer | ||
The host Linux OS receiver buffer size must be tuned to match the SC4S default. This helps to avoid event dropping at the network level. |
The host Linux OS receiver buffer size must be tuned to match the SC4S default. This helps to avoid event dropping at the network level. | |
The host Linux OS receive buffer size must be tuned to match the SC4S default. This helps to avoid event dropping at the network level. |
## Step 1: Configure your OS to work with SC4S | ||
### Tune your receiver buffer | ||
The host Linux OS receiver buffer size must be tuned to match the SC4S default. This helps to avoid event dropping at the network level. | ||
The default receiver buffer for SC4S is 16 MB for UDP traffic, which should be acceptable for most environments. To set the host OS kernel to |
The default receiver buffer for SC4S is 16 MB for UDP traffic, which should be acceptable for most environments. To set the host OS kernel to | |
The default receive buffer for SC4S is 16 MB for UDP traffic, which should be acceptable for most environments. To set the host OS kernel to |
The default receive buffer for sc4s is set to 16 MB for UDP traffic, which should be OK for most environments. To set the host OS kernel to | ||
match this, edit `/etc/sysctl.conf` using the following whole-byte values corresponding to 16 MB: | ||
## Step 1: Configure your OS to work with SC4S | ||
### Tune your receiver buffer |
### Tune your receiver buffer | |
### Tune your receive buffer |
## IPv4 Forwarding | ||
3. To verify that the kernel does not drop packets, periodically monitor the buffer using the command | ||
`netstat -su | grep "receive errors"`. Failure to tune the kernel for high-volume traffic results in message loss, which can be | ||
unpredictable and difficult to detect. The default values for receiver kernel buffers in most distributions is 2 MB, |
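Review bot: The last line of this hunk pairs a plural subject with a singular verb: "The default values for receiver kernel buffers in most distributions is 2 MB". Suggest "The default value for receive kernel buffers in most distributions is 2 MB", which also matches the "receive buffer" wording proposed for the other lines in this review. Because this step is the only loss-detection check the section gives, it would also help to state here what output of `netstat -su | grep "receive errors"` indicates dropped packets, so a reader knows when the buffer needs to be raised.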
unpredictable and difficult to detect. The default values for receiver kernel buffers in most distributions is 2 MB, | |
unpredictable and difficult to detect. The default values for receive kernel buffers in most distributions is 2 MB, |
@jenworthington ready for the final pass