Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

monitoring for /root/.bash_history works for particular copies of inputs.conf (depending on directory structure)

heterodyned
Path Finder
‎07-10-2010 07:58 AM

Hello Folks,

I have two copies of inputs.conf, one is under the etc/apps/local directory ( created the local and placed inputs.conf) , now the inputs.conf in the apps directory is actually a copy of the inputs.conf from system/local with minor modifications and additional parameters, now I am tryin to monitor /root/.bash_history/. this monitor works fine if I place it under /etc/system/local/inputs.conf but if i place it inside /apps/local/ , it doesnt work fine, and the same holds true for few other fschange parameters like /home, /etc

any idea? I have placed the ownership for all these under splunk only ..

- Raghu

Tags (1)
0 Karma
Reply

heterodyned
Path Finder
‎07-10-2010 12:18 PM

This issue got resolved, i was going wrong in creating directory structure, the precedence follows the order of /etc/system/local & /etc/apps/ABCD/local ( i had this placed as /etc/apps/local)

Raghu

Reply

hexx
Splunk Employee
Splunk Employee
‎08-09-2010 01:42 AM

Absolutely. More detailed information about configuration file precedence can be found in the admin manual :
http://www.splunk.com/base/Documentation/4.1.4/Admin/Wheretofindtheconfigurationfiles

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...