Re: merge indexes.conf files

kembgeorge · ‎10-02-2020

I have a task to take a list of active Indexes and create a new configuration file entry in a merged file, using a bunch of other configuration files. taking note of bucket size and what not

can anyone help with that?

richgalloway · ‎10-02-2020

Use btool.

splunk btool --debug indexes list | grep -v "system\/default" | awk '{$1=""; print $0}' > myindexes.conf

---
If this reply helps you, Karma would be appreciated.

kembgeorge · ‎10-02-2020

thanks very much. what exactly will that Btool command do?

I appreciate the help let me see if i can clarify it a little bit more. ok I have two indexes.conf files right with a list of indexes in them and I want to merge those indexes to a new configuration file with all the similar indexes that i would like the new config file to have

here is an example ok

so Aindexes.conf and B indexes.conf have a list of indexes (1,2,3,4,5,6,7,8.) and I want to merge all those indexes to a new index called merged index I will keep their internal, audit and some other indexes.

richgalloway · ‎10-14-2020

The command collects all indexes.conf information, strips out entries from $SPLUNK_HOME/etc/system/default, and then writes the resulting entries into a single indexes.conf file.

---
If this reply helps you, Karma would be appreciated.

merge indexes.conf files

deployment server

Routing logs with Splunk OTel Collector for Kubernetes

New This Month - Observability Updates Give Extended Visibility and Improve User ...

Intro to Splunk Synthetic Monitoring