Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

btool cheat sheet

youngsuh
Contributor
‎08-19-2020 08:36 AM

Does anyone have a cheat sheet for btool to help newbies?

Here is my version of btool cheat sheet:

 

splunk btool <conf_file_prefix> <sub-cmd> <context> --debug "%search string%"
splunk show config <config file name> | grep -v "system\/default"

Step 1.
splunk btool inputs list --debug "%search string%"  >> /tmp/splunk_inputs.txt
Step 2.
Import into excel using space as a separator.
Step 3.  Use excel to filter feature to look for the settings

 

Explanation: 

<conf_file_prefix>: props, inputs, outputs, transforms

<sub-cmd>:  list, display, user, dir

<context>: --app=search

"%serch string%": input the search you're looking for

I'd prefer piping the command to "less" command.

Splunk documents:  https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

External Site:

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Thanks, everyone who replied.  I'd consolidated the information into the top page.

Labels (1)
Labels
Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-19-2020 08:42 AM

Hi @youngsuh,

I didn't find a page as you would and it's a strange thing because Splunk documentation is usually very complete and structured.

Anyway, in these pages, you can find all the infos you need:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎08-19-2020 08:53 AM

Try 

splunk btool help

 I prefer to pipe btool output to 

grep -v "system\/default"

to eliminate noise from the default settings. 

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎08-19-2020 09:06 AM

And remember that what you got from btool is what is on disk. If/when you want to see what is running config you must use 

splunk show config <config file name>

r. Ismo 

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-19-2020 08:42 AM

Hi @youngsuh,

I didn't find a page as you would and it's a strange thing because Splunk documentation is usually very complete and structured.

Anyway, in these pages, you can find all the infos you need:

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/Usebtooltotroubleshootconfigurati...

https://docs.splunk.com/Documentation/Splunk/8.0.5/Troubleshooting/CommandlinetoolsforusewithSupport

https://splunkonbigdata.com/2018/10/03/splunk-btool/

Ciao.

Giuseppe

Reply
Solved! Jump to solution

yulsplunkops
Engager
‎12-04-2024 02:28 PM

I use the good old grep command when I needed a list of indexes referenced in all inputs on all folders ; like this:  

splunk btool inputs list --debug | grep index



 

0 Karma
Reply
Solved! Jump to solution

mwk1000
Path Finder
‎07-14-2025 06:43 AM

that is my 99% use case for btool , the aggregated list of xxxxx.conf by file --debug then filter with grep.

0 Karma
Reply
Solved! Jump to solution

isoutamo
SplunkTrust
SplunkTrust
‎07-14-2025 06:53 AM

If you know stanza name you should add also it. 
Currently there is also splunk app called Admin's little helper, which you could use to run btool from MC or splunk cloud. I strongly recommended to install and use it in any distributed environments!


https://splunkbase.splunk.com/app/6368

0 Karma
Reply
Solved! Jump to solution

Abhay
Explorer
‎11-15-2021 08:36 PM

https://splunkonbigdata.com/splunk-btool/

 

This is the new link for btool in Splunkonbigdata.com 

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎08-20-2020 02:26 AM

Hi @youngsuh,

happy splunking!

Ciao.

Giuseppe

P.S.: Karma Points are appreciated by me and the other contributors 😉

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...