Getting Data In

Can I use CLI to configure inputs.conf blacklist

tdrisdelle
Engager

Is there any way to use the CLI to configure the blacklist (in inputs.conf) file?

The docs seem to indicate no... but I'm hopeful that I've missed something.

./splunk help edit
required parameters:

(For edit monitor)
    source                      path to a file or directory whose contents should be indexed by the Splunk server, and then watched for new input. The Splunk server unpacks tarfiles and compressed files.

optional parameters:

(For edit monitor)
        sourcetype                  source type value to set for events from the source

        index                       a local Splunk index to place events from the source

        hostname                    host name to set as the host value

        hostregex                   regular expression of file path to set as the host value

        hostsegmentnum              number of segments in the file path to set as the host value

        follow-only                 only read from the end of the file (True|False, default=False)
1 Solution

bmacias84
Champion

@tdrisdelle, No you are not missing anything. Currently the CLI does not offer the ability to edit advanced stanza settings. Just like the GUI, the CLI allows basic add and modify abilities. For more advanced stanaza and settings changes direct conf file edits are required. This is when building TAs and using something like the Deployment Server makes configuration much easier.

View solution in original post

0 Karma

bmacias84
Champion

@tdrisdelle, No you are not missing anything. Currently the CLI does not offer the ability to edit advanced stanza settings. Just like the GUI, the CLI allows basic add and modify abilities. For more advanced stanaza and settings changes direct conf file edits are required. This is when building TAs and using something like the Deployment Server makes configuration much easier.

0 Karma

bondu
Explorer

What is the Operating System you have splunk installed on?

0 Karma
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...