merge indexes.conf files

kembgeorge · ‎10-02-2020

I have a task to take a list of active Indexes and create a new configuration file entry in a merged file, using a bunch of other configuration files. taking note of bucket size and what not

can anyone help with that?

richgalloway · ‎10-02-2020

Use btool.

splunk btool --debug indexes list | grep -v "system\/default" | awk '{$1=""; print $0}' > myindexes.conf

---
If this reply helps you, Karma would be appreciated.

kembgeorge · ‎10-02-2020

thanks very much. what exactly will that Btool command do?

I appreciate the help let me see if i can clarify it a little bit more. ok I have two indexes.conf files right with a list of indexes in them and I want to merge those indexes to a new configuration file with all the similar indexes that i would like the new config file to have

here is an example ok

so Aindexes.conf and B indexes.conf have a list of indexes (1,2,3,4,5,6,7,8.) and I want to merge all those indexes to a new index called merged index I will keep their internal, audit and some other indexes.

richgalloway · ‎10-14-2020

The command collects all indexes.conf information, strips out entries from $SPLUNK_HOME/etc/system/default, and then writes the resulting entries into a single indexes.conf file.

---
If this reply helps you, Karma would be appreciated.

merge indexes.conf files

deployment server

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!