Getting Data In

Which inputs.conf are the inputs stored in when added by web interface

denzelchung
Path Finder

I know that we can manually add data inputs through the inputs.conf file.
I added a file monitoring input via the web interface and wanted to see how it is written in the inputs.conf file. However, I opened the inputs.conf files and could not find any lines related to the file that I am monitoring. Which file is this input stored in?

Tags (2)
0 Karma
1 Solution

FrankVl
Ultra Champion

Don't know from the top of my head, but you can certainly find out using btool:

From $SPLUNK_HOME/bin execute: ./splunk cmd btool inputs list --debug

Assuming you're running on linux, you can search for the relevant lookup by passing it through grep (replace 'foo' with something characteristic for the input you configured): ./splunk cmd btool inputs list --debug | grep foo

View solution in original post

FrankVl
Ultra Champion

Don't know from the top of my head, but you can certainly find out using btool:

From $SPLUNK_HOME/bin execute: ./splunk cmd btool inputs list --debug

Assuming you're running on linux, you can search for the relevant lookup by passing it through grep (replace 'foo' with something characteristic for the input you configured): ./splunk cmd btool inputs list --debug | grep foo

denzelchung
Path Finder

I ran the btool command and it printed out inputs from every inputs.conf file but I do not see the one I added.

Under the web interface, I see it listed under Settings > Data Inputs > Files & Directories

0 Karma

MuS
Legend

Click in the web browser in the URL address field, it will show something like:

 http[s]://hostname:<port>/en-GB/app/YourAppNameHere/....`

you're inputs.conf would be in $SPLUNK_HOME/etc/apps/YourAppNameHere/local

Hope this helps ...

cheers, MuS

0 Karma

denzelchung
Path Finder

Found it! I did not have admin rights to the local folder in the apps directory and so it didn't show up when I used the btool command.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...