Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

btool cheat sheet

youngsuh
Contributor
‎08-19-2020 08:36 AM

Does anyone have a cheat sheet for btool to help newbies?

Here is my version of btool cheat sheet:

 

splunk btool <conf_file_prefix> <sub-cmd> <context> --debug "%search string%"
splunk show config <config file name> | grep -v "system\/default"

Step 1.
splunk btool inputs list --debug "%search string%"  >> /tmp/splunk_inputs.txt
Step 2.
Import into excel using space as a separator.
Step 3.  Use excel to filter feature to look for the settings

 

Explanation: 

<conf_file_prefix>: props, inputs, outputs, transforms

<sub-cmd>:  list, display, user, dir

<context>: --app=search

"%serch string%": input the search you're looking for

I'd prefer piping the command to "less" command.

Splunk documents:  https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

External Site:

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Thanks, everyone who replied.  I'd consolidated the information into the top page.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-19-2020 08:42 AM

Hi @youngsuh,

I didn't find a page as you would and it's a strange thing because Splunk documentation is usually very complete and structured.

Anyway, in these pages, you can find all the infos you need:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-19-2020 08:53 AM

Try 

splunk btool help

 I prefer to pipe btool output to 

grep -v "system\/default"

to eliminate noise from the default settings. 

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎08-19-2020 09:06 AM

And remember that what you got from btool is what is on disk. If/when you want to see what is running config you must use 

splunk show config <config file name>

r. Ismo 

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-19-2020 08:42 AM

Hi @youngsuh,

I didn't find a page as you would and it's a strange thing because Splunk documentation is usually very complete and structured.

Anyway, in these pages, you can find all the infos you need:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Ciao.

Giuseppe

Reply
Solved! Jump to solution

Abhay
Explorer
‎11-15-2021 08:36 PM

https://splunkonbigdata.com/splunk-btool/

 

This is the new link for btool in Splunkonbigdata.com 

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-20-2020 02:26 AM

Hi @youngsuh,

happy splunking!

Ciao.

Giuseppe

P.S.: Karma Points are appreciated by me and the other contributors 😉

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...