Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Which inputs.conf are the inputs stored in when added by web interface

denzelchung
Path Finder
‎06-26-2019 02:00 AM

I know that we can manually add data inputs through the inputs.conf file.
I added a file monitoring input via the web interface and wanted to see how it is written in the inputs.conf file. However, I opened the inputs.conf files and could not find any lines related to the file that I am monitoring. Which file is this input stored in?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎06-26-2019 03:19 AM

Don't know from the top of my head, but you can certainly find out using btool:

From $SPLUNK_HOME/bin execute: ./splunk cmd btool inputs list --debug

Assuming you're running on linux, you can search for the relevant lookup by passing it through grep (replace 'foo' with something characteristic for the input you configured): ./splunk cmd btool inputs list --debug | grep foo

View solution in original post

Reply
Solved! Jump to solution
Solution

FrankVl
Ultra Champion
‎06-26-2019 03:19 AM

Don't know from the top of my head, but you can certainly find out using btool:

From $SPLUNK_HOME/bin execute: ./splunk cmd btool inputs list --debug

Assuming you're running on linux, you can search for the relevant lookup by passing it through grep (replace 'foo' with something characteristic for the input you configured): ./splunk cmd btool inputs list --debug | grep foo

Reply
Solved! Jump to solution

denzelchung
Path Finder
‎06-26-2019 05:57 PM

I ran the btool command and it printed out inputs from every inputs.conf file but I do not see the one I added.

Under the web interface, I see it listed under Settings > Data Inputs > Files & Directories

0 Karma
Reply
Solved! Jump to solution

MuS
Legend
‎06-26-2019 06:12 PM

Click in the web browser in the URL address field, it will show something like:

 http[s]://hostname:<port>/en-GB/app/YourAppNameHere/....`

you're inputs.conf would be in $SPLUNK_HOME/etc/apps/YourAppNameHere/local

Hope this helps ...

cheers, MuS

0 Karma
Reply
Solved! Jump to solution

denzelchung
Path Finder
‎06-26-2019 07:34 PM

Found it! I did not have admin rights to the local folder in the apps directory and so it didn't show up when I used the btool command.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...