Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Configuration Tracker - Linux Symbolic Link App Folder

Solev
Explorer
‎05-16-2024 12:36 AM

Hello together,

with the introduction of the new ConfigurationTracker in Splunk 9.0 we noticed that some of our apps are not being logged.

 

The system is a linux single splunk enterprise server and the apps which are not being logged are not directly located under /opt/splunk/etc/apps.

Instead we do only have symbolic links to another folder on the system. It works for everything else, but the configuration tracker seems to ignore symbolic links. It is also not a permission issue of the linked folder. The linked folder has the same splunk group and permissions assigned.

 

/opt/splunk/etc/apps/symboliclinkapp     ->   /anotherfolder/symboliclinkapp

 

Is there an option to change the configuration tracker to also consider symbolic links?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PickleRick
SplunkTrust
SplunkTrust
‎05-16-2024 12:54 AM

The only available options for the configuration tracker are here:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf#Configuration_Change_Tracker

It doesn't mention whether the config change tracker follows symlinks or not. If your experience shows that it doesn't, it means it probably doesn't and you can't change that. (I didn't test it myself).

You can submit an idea on https://ideas.splunk.com/

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

PickleRick
SplunkTrust
SplunkTrust
‎05-16-2024 12:54 AM

The only available options for the configuration tracker are here:

https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf#Configuration_Change_Tracker

It doesn't mention whether the config change tracker follows symlinks or not. If your experience shows that it doesn't, it means it probably doesn't and you can't change that. (I didn't test it myself).

You can submit an idea on https://ideas.splunk.com/

 

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...