@MuS, is there a way to restrict this app, to run only the btool command? with the Unix sudo command for example, we can restrict which commands can run...

Which one are you referring @ddrillic ? If it is this one https://splunkbase.splunk.com/app/1607/ then it is just a python script which can be modified so it only runs btool for example.

cheers, MuS

Very interesting @MuS.

Much appreciated @MuS

Okay, S.O.S app had a custom command called btool in it https://answers.splunk.com/answers/104622/make-output-of-btool-some-conf-type-list-more-legible-unix... You can still download the app here https://splunkbase.splunk.com/app/748/#/overview Not sure though if you can use it to do btool check but well worth to give it a try 😉

cheers, MuS

Or refer to Btool Scripted Inputs for Splunk if you go down this particular path...

Thank you @gjanders

One thing you can't do with it is pipe to something else. This would normally show all the inputs.conf stanza names but in the app it just shows you usage info. Here on *nix:

$ splunk cmd btool inputs list --debug | grep "\["

/opt/splunk/etc/apps/unix/local/inputs.conf                            [script:///opt/splunk/etc/apps/unix/bin/ps.sh]
/opt/splunk/etc/apps/unix/local/inputs.conf                            [script:///opt/splunk/etc/apps/unix/bin/rlog.sh]
/opt/splunk/etc/apps/unix/local/inputs.conf                            [script:///opt/splunk/etc/apps/unix/bin/time.sh]
/opt/splunk/etc/apps/unix/local/inputs.conf                            [script:///opt/splunk/etc/apps/unix/bin/top.sh]

etc...