One of the items on the doc page is confusing - link text
Important:
You can not configure the Splunk App for Unix and Linux from the command line. You must use the Settings pages, described in detail in this topic.
Conversely, there is no way to configure the Splunk Add-on for Unix and Linux in any other way than the command line.
Though the doc does point out this:
Use the Settings: Categories page to add host categories and groups. When you make these changes, the Splunk App for Unix and Linux writes them to $SPLUNK_HOME/etc/apps/SA-nix/lookups/dropdowns.csv.
Are we truly forced to use the UI only to configure the category/grouping? This would be a major pain.
You can manually edit the file from the command line : $SPLUNK_HOME/etc/apps/SA-nix/lookups/dropdowns.csv
The format of this file is
host,unix_category,unix_group
some_example_host,some__example_category,some_example_group
You can configure the Splunk Add-on for Unix and Linux from the command line. In fact, that's the only way you can configure the add-on.
You can configure the Splunk App for Unix and Linux only from Splunk Web.
We've updated the docs to clarify.
You can manually edit the file from the command line : $SPLUNK_HOME/etc/apps/SA-nix/lookups/dropdowns.csv
The format of this file is
host,unix_category,unix_group
some_example_host,some__example_category,some_example_group
Lucas K is correct, you can edit the file from the CLI, using your favorite CSV editor, or have a saved search update the values. A few important things to consider:
My guess would be that anything that creates a sane .csv is fine, including vi. I'm not in a position to test that, so not posting this as an actual answer. 🙂