Getting Data In

btool cheat sheet

youngsuh
Communicator

Does anyone have a cheat sheet for btool to help newbies?

Here is my version of btool cheat sheet:

 

splunk btool <conf_file_prefix> <sub-cmd> <context> --debug "%search string%"
splunk show config <config file name> | grep -v "system\/default"

Step 1.
splunk btool inputs list --debug "%search string%"  >> /tmp/splunk_inputs.txt
Step 2.
Import into excel using space as a separator.
Step 3.  Use excel to filter feature to look for the settings

 

Explanation: 

<conf_file_prefix>: props, inputs, outputs, transforms

<sub-cmd>:  list, display, user, dir

<context>: --app=search

"%serch string%": input the search you're looking for

I'd prefer piping the command to "less" command.

Splunk documents:  https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

External Site:

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Thanks, everyone who replied.  I'd consolidated the information into the top page.

Labels (1)
Tags (1)
0 Karma
1 Solution

gcusello
Legend

Hi @youngsuh,

I didn't find a page as you would and it's a strange thing because Splunk documentation is usually very complete and structured.

Anyway, in these pages, you can find all the infos you need:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Ciao.

Giuseppe

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Try 

splunk btool help

 I prefer to pipe btool output to 

grep -v "system\/default"

to eliminate noise from the default settings. 

---
If this reply helps you, an upvote would be appreciated.

isoutamo
SplunkTrust
SplunkTrust

And remember that what you got from btool is what is on disk. If/when you want to see what is running config you must use 

splunk show config <config file name>

r. Ismo 

gcusello
Legend

Hi @youngsuh,

I didn't find a page as you would and it's a strange thing because Splunk documentation is usually very complete and structured.

Anyway, in these pages, you can find all the infos you need:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Ciao.

Giuseppe

View solution in original post

0 Karma

Abhay
Engager

https://splunkonbigdata.com/splunk-btool/

 

This is the new link for btool in Splunkonbigdata.com 

gcusello
Legend

Hi @youngsuh,

happy splunking!

Ciao.

Giuseppe

P.S.: Karma Points are appreciated by me and the other contributors 😉

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!