Modify the Splunk Collector Configuration
In the Overview section, in addition to viewing the status, trend, last day volume, and collector name, you can modify the Collector configuration by clicking the Collector instance. To modify the configuration for the Splunk Collector instance:
On the New-Scale Security Operations Platform home page, click the Collectors tile.
Select Site Collectors from the sub-menu.
The Overview section displays status groups, last day average volume, and a list of Site Collectors.
On the Overview tab, click the Splunk Collector instance for which you want to modify the configuration.
Modify the Splunk query and select the desired Splunk fetch interval, then click Update. If you update the query, Site Collector Core fetches log data with the parameters based on the query.
Update the Splunk Fetch Timestamp by selecting the date and time from which you want the collector to fetch logs. You can select a date earlier than the present date, backdated up to 30 days.
Click Definition to edit the Splunk Collector name and to select a Site Collector instance, Splunk hostname, and port.
Click Authentication to change the authentication method that the Splunk collector uses to connect to the server: Login Pass or Token. Based on the authentication method that you select, you can edit the login name and password, or the token number for the Splunk server. In this section, you can also edit the protocol and TLS option to securely pull the data.
To stop or delete a Splunk Collector instance that is in the Running state, click Stop or Delete in the upper right corner.
Note
You can start a stopped Collector instance by clicking Restart.
You can delete a Collector whose status is 'Running'. You can delete a Site Collector instance whose status is 'Setup Error' or 'Installation Error'.