I was trying the use ./local/eventtypes.conf to override the values in ./default/eventtypes.conf.
Using btool, it shows that local eventtype was picked. However, in Splunk web Manager->Event Type, it shows the default values instead of local values. Therefore, Web Intelligence App failed to assigned the correct eventtypes to incoming logs.
Does anyone has the same problem? How do you fix it?
Potentially dumb question, but
local/eventtype.conf? Is this merely a typo?
I followed the instructions and use the Setup workflow and get no results. I managed to get it working by editing the default/eventtypes.conf.
I documented my discoveries in this post
I am beginning to wonder if it is a problem for Windows only.