Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Will Outputs.conf reflect the timestamp parameters?

sarvesh_11
Communicator
‎04-04-2019 01:56 AM

Hello Splunkers,

I have outputs.conf in my Universal Forwarder at \etc\system\local\ , I am monitoring some log files gave the monitor path in inputs.conf.
Now just like we mention in props.conf about time stamp parameters,
Can i update the same here in Outputs.conf at SplunkUniversalForwarder\etc\system\local\ ?
Ex:
[sourcetype / source]
DATETIME_CONFIG = none
SHOULD_LINEMERGE = true.
Will i be able to get data cooked with these parameters?

Thanks in advance.
Keep Splunkning 🙂

0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎04-04-2019 05:32 AM

No.. outputs.conf will only tell the forwarder where to send the data

You should also look into moving it away from etc/system/local and put it in an app instead. Reason being, if you ever had to scale the number of servers with a UF installed, you would need to use the deployment server which drops files in $SPLUNK_HOME/etc/apps/<APP-NAME>. If you have it in etc/system/local then those outputs will override what you sent via the deployment server

Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...