Solved: Re: Which inputs.conf does "splunk add monitor" mo...

tsheets13 · ‎10-29-2021

I've been working with Splunk for many years and have always made changes via the .conf files. However, I recently added the /var/logs directory by using

./splunk add monitor /var/log -index main -sourcetype linux

It's working, but I want to modify it a bit. However, I have been pulling my hair out trying to figure out which inputs.conf file was modified with the command.

Any assistance appreciated.

Tim

493669 · ‎10-29-2021

Hi @tsheets13 ,
You can btool command to check where your config lies for ex. ./splunk btool inputs list --debug

./splunk btool inputs list --debug

-----
If this reply helps an upvote will be appreciated

View solution in original post

493669 · ‎10-29-2021

Hi @tsheets13 ,
You can btool command to check where your config lies for ex. ./splunk btool inputs list --debug

./splunk btool inputs list --debug

-----
If this reply helps an upvote will be appreciated

Which inputs.conf does "splunk add monitor" modify

universal forwarder

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...