I would like to know how to get all configuration files in my deployment in a file (for each Splunk instance)?
I have :
- 1 Management Console
- 1 Search head
- 2 Indexers
- 2 Universal forwarder (with vip)
(everything is redundant (doubled configuration))
Your question is not very clear to me but I will tell you that configuration items in splunk are spread in several directories depending on changes made at the app level and any system level changes and are merged according to precedence rules. You can read about how this works here:
You can use btool to investigate what the active configuration on a splunk instance:
To capture every configuration item in a single file you would basically need to archive [SPLUNKHOME]/etc/apps and [SPLUNKHOME]/etc/system directories.
Also there is a CLI command:
That creates a file with all the config files, logs, system info... usually requested by support guys to troubleshoot issues.
Maybe this could serve you too