Configure the Splunk Client Policy
Using the Client Policy Builder, you can create and modify policies for your LCE Splunk Client. Perform the following steps in the web interface of the LCE server that your LCE Splunk Client is configured to communicate with.
Caution: The LCE Splunk Client can process a maximum of 500 logs per second. Processing more than 500 logs per second can result in a loss of data. This is an absolute limit and cannot be increased by improving the system hardware.
To configure the Splunk Client:
- Using the Client Policy Builder, create a policy for your LCE Splunk Client. This documentation includes a list of valid configuration items for the client policy.
Note: The LCE Splunk Client policy requires at least one IP address for a Splunk server. If no IP addresses are provided, the client will not open the Listen port.
For the Splunk Client to function, edit the client policy to include the required syntax shown below, specifying your Splunk server.
XML Example:
<splunk-server>192.0.2.10</splunk-server>
- Assign the policy to the LCE Splunk Client.
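A check to run on a policy before assigning it, covering the requirement in the Note above. This is an added example, not part of the LCE documentation or tooling: it parses the policy and reports `<splunk-server>` entries that are empty, duplicated, or not IP addresses. The `<options>` wrapper and the sample values are constructed, and rejecting hostnames is an assumption based on the Note's wording.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample policy. The <options> wrapper is an assumption; only the
# <splunk-server> element comes from the page.
SAMPLE_POLICY = """<options>
  <splunk-server>192.0.2.10</splunk-server>
  <splunk-server> 192.0.2.11 </splunk-server>
  <splunk-server>splunk01.example.com</splunk-server>
  <splunk-server></splunk-server>
  <splunk-server>192.0.2.10</splunk-server>
</options>"""


def check_splunk_policy(policy_xml):
    """Return (valid_ips, problems) for the <splunk-server> entries in a policy."""
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError as exc:
        return [], [f"policy is not well-formed XML: {exc}"]

    valid, problems = [], []
    # iter() also matches the root, so a bare <splunk-server> fragment works.
    for elem in root.iter("splunk-server"):
        value = (elem.text or "").strip()
        if not value:
            problems.append("empty <splunk-server> element")
            continue
        try:
            ip = str(ipaddress.ip_address(value))
        except ValueError:
            # Assumption: the policy expects literal IP addresses, as the Note says.
            problems.append(f"not an IP address: {value!r}")
            continue
        if ip in valid:
            problems.append(f"duplicate entry: {ip}")
        else:
            valid.append(ip)

    # Per the Note: with no IP address the client will not open the Listen port.
    if not valid:
        problems.append("no Splunk server IP address: Listen port will not open")
    return valid, problems


if __name__ == "__main__":
    ips, issues = check_splunk_policy(SAMPLE_POLICY)
    print("Splunk servers:", ", ".join(ips) or "none")
    for issue in issues:
        print("WARNING:", issue)
```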