- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Re: can limits.conf and server.conf be placed insi...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can limits.conf and server.conf be placed inside etc/apps//default
title says it all? does not state clearly in docs like other files such as inputs.conf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry, to clarify i meant
etc/apps//default
or
etc/apps//default
so not one of the splunkbase apps or default splunk apps.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue with configuring these in ../default/ is that for any standard app distribution (e.g. search), the configuration file will be overwritten by any upgrade or re-install which applies the default configuration. This results in your custom config changes being wiped out.
Common practice is to put it in ../local/ to prevent the above scenario.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks, yes as now i have added to my question i only meant my own custom app. not splunk base or default
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
These are global files so they should stay where they are.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i can see they can both be found in default install app for a windows UF:
splunk\etc\apps\SplunkUniversalForwarder\default\
I dont want to overwrite anything, only add. I would rather add config only in etc/apps/ for large deployment
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, the DS/DC case is the one case where it would be distributed in an app context. We, too have several OS-based "base" forwarder apps that have server-wide settings. This is OK because these apps are mutually-exclusive from eachother. The reason it is not a great idea is because precedence will cause your app's version of the file to be preferred over the system's version. In the case we described, this is desirable. In the case of a "regular" app, this could be disastrous and very poor form.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks so over all this does work but the idea is to use local rather than default where you are in a splunk base or splunk default app.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
