Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

merge indexes.conf files

kembgeorge
Loves-to-Learn
‎10-02-2020 12:39 PM

I have a task to take a list of active Indexes and create a new configuration file entry in a merged file, using a bunch of other configuration files. taking note of bucket size and what not 

can anyone help with that?

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-02-2020 01:15 PM

Use btool.

splunk btool --debug indexes list | grep -v "system\/default" | awk '{$1=""; print $0}' > myindexes.conf
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

kembgeorge
Loves-to-Learn
‎10-02-2020 01:36 PM

thanks very much. what exactly will that Btool command do?

I appreciate the help let me see if i can clarify it a little bit more. ok I have two indexes.conf files right with a list of indexes in them and I want to merge those indexes to a new configuration file with all the similar indexes that i would like the new config file to have 

here is an example ok 

so  Aindexes.conf  and B indexes.conf have a list of indexes (1,2,3,4,5,6,7,8.) and  I want to merge all those indexes to a new index called merged index I will keep their internal, audit and some other indexes. 

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-14-2020 07:41 AM

The command collects all indexes.conf information, strips out entries from $SPLUNK_HOME/etc/system/default, and then writes the resulting entries into a single indexes.conf file.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...