Archive
Highlighted

How to get all configuration files in my deployment in a file?

Path Finder

Hi all,
I would like to know how to get all configuration files in my deployment in a file (for each Splunk instance)?
I have :
- 1 Management Console
- 1 Search head
- 2 Indexers
- 2 Universal forwarder (with vip)
(everything is redundant (doubled configuration))
Tks
Best Regards

Highlighted

Re: How to get all configuration files in my deployment in a file?

Builder

Your question is not very clear to me but I will tell you that configuration items in splunk are spread in several directories depending on changes made at the app level and any system level changes and are merged according to precedence rules. You can read about how this works here:

http://docs.splunk.com/Documentation/Splunk/6.2.1/Admin/Wheretofindtheconfigurationfiles

You can use btool to investigate what the active configuration on a splunk instance:

http://docs.splunk.com/Documentation/Splunk/6.2.1/Troubleshooting/Usebtooltotroubleshootconfiguratio...

To capture every configuration item in a single file you would basically need to archive [SPLUNKHOME]/etc/apps and [SPLUNKHOME]/etc/system directories.

0 Karma
Highlighted

Re: How to get all configuration files in my deployment in a file?

Path Finder

Ok, thank you for your answer.
Regards

0 Karma
Highlighted

Re: How to get all configuration files in my deployment in a file?

Motivator

Also there is a CLI command:

splunk diag

That creates a file with all the config files, logs, system info... usually requested by support guys to troubleshoot issues.

Maybe this could serve you too

Regards

View solution in original post