All,

I enabled the packages input on Splunk_TA_nix on my CentOS 7 box. I get 790 packages back. How ever when I get the same data from the command line I get 796 packages.

#rpm --query --all | wc
    796     796   26418**

Something seems off. Any ideas?

Output from btool

sourcetype =
[package]
ADD_EXTRA_TIME_FIELDS = True
ANNOTATE_PUNCT = True
AUTO_KV_JSON = true
BREAK_ONLY_BEFORE =
BREAK_ONLY_BEFORE_DATE = True
CHARSET = UTF-8
DATETIME_CONFIG = CURRENT
DEPTH_LIMIT = 1000
HEADER_MODE =
KV_MODE = multi
LEARN_MODEL = true
LEARN_SOURCETYPE = true
LINE_BREAKER = ^((?!))$
LINE_BREAKER_LOOKBEHIND = 100
MATCH_LIMIT = 100000
MAX_DAYS_AGO = 2000
MAX_DAYS_HENCE = 2
MAX_DIFF_SECS_AGO = 3600
MAX_DIFF_SECS_HENCE = 604800
MAX_EVENTS = 256
MAX_TIMESTAMP_LOOKAHEAD = 128
MUST_BREAK_AFTER =
MUST_NOT_BREAK_AFTER =
MUST_NOT_BREAK_BEFORE =
SEGMENTATION = indexing
SEGMENTATION-all = full
SEGMENTATION-inner = inner
SEGMENTATION-outer = outer
SEGMENTATION-raw = none
SEGMENTATION-standard = standard
SHOULD_LINEMERGE = false
TRANSFORMS =
TRUNCATE = 1000000
detect_trailing_nulls = false
maxDist = 100
priority =
sourcetype =