Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What happens if you deploy an inputs.conf from a DS if an inputs.conf already exists?

russell120
Communicator
‎02-25-2019 07:33 PM

Hi,

Its just as the title suggests. If a have a deployment client with an inputs.conf thats already configured as such:

[monitor:///var/log/httpd]
index = web

If I push this inputs.conf to that deployment client from a deployment server?:

[monitor:///var/log/httpd]
index = webLogs

Will the web or webLogs index be populated with events? Or will both be?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

burwell
SplunkTrust
SplunkTrust
‎02-25-2019 07:50 PM

The deployment server works at the app level.

And the app has a set of files in directories which could include an inputs.conf.

So if you already had an inputs.conf in /opt/splunk/etc/myapp/local/inputs.conf and the server.conf is going to deploy myapp to the client it will overwrite it.

View solution in original post

Reply
Solved! Jump to solution
Solution

burwell
SplunkTrust
SplunkTrust
‎02-25-2019 07:50 PM

The deployment server works at the app level.

And the app has a set of files in directories which could include an inputs.conf.

So if you already had an inputs.conf in /opt/splunk/etc/myapp/local/inputs.conf and the server.conf is going to deploy myapp to the client it will overwrite it.

Reply
Solved! Jump to solution

FrankVl
Ultra Champion
‎02-26-2019 12:17 AM

Exactly. And if they are not in the same app / folder, then Splunk determines the precedence based on the location of each inputs.conf: https://docs.splunk.com/Documentation/Splunk/latest/Admin/Wheretofindtheconfigurationfiles

Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
li.common.scroll-to.top