Splunk Audit Event Handler Properties
| Property | Description |
|---|---|
useSSL | Specifies whether IDM should connect to the Splunk instance over SSL. Boolean, true or false. |
host | The hostname or IP address of the Splunk instance. If no hostname is specified, localhost is assumed. |
port | The dedicated Splunk port for HTTP input. Default: 8088. |
buffering | Configuration for event buffering |
maxSize | The maximum number of events that can be buffered. Default/minimum: 10000. |
writeInterval | The delay after which the file-writer thread is scheduled to run after encountering an empty event buffer (units of 'ms' or 's' are recommended). Default: 100 ms. |
maxBatchedEvents | The maximum number of events per batch-write to Splunk for each Write Interval. Default: 500. |
authzToken | The authorization token associated with the Splunk configured HTTP event collector. |