Web Intelligence: local/eventtypes.conf will not o...

oscarspaz · ‎01-10-2012

I was trying the use ./local/eventtypes.conf to override the values in ./default/eventtypes.conf.
Using btool, it shows that local eventtype was picked. However, in Splunk web Manager->Event Type, it shows the default values instead of local values. Therefore, Web Intelligence App failed to assigned the correct eventtypes to incoming logs.

Does anyone has the same problem? How do you fix it?

oscarspaz · ‎01-10-2012

I followed the instructions and use the Setup workflow and get no results. I managed to get it working by editing the default/eventtypes.conf.

I documented my discoveries in this post

http://splunk-base.splunk.com/answers/34974/no-results-found-using-web-intelligence-app

I am beginning to wonder if it is a problem for Windows only.

araitz · ‎01-10-2012

A more primary question: why aren't you using the apps' own Setup workflow?

dwaddle · ‎01-10-2012

Potentially dumb question, but local/eventtypes.conf versus local/eventtype.conf? Is this merely a typo?

oscarspaz · ‎01-10-2012

Thank for pointing that out. It was a typo. I updated the post.

Web Intelligence: local/eventtypes.conf will not override default/eventtypes.conf

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector