We were looking to run btool on a requirement basis for configs across the whole of the Splunk cluster. It is not feasible to run via the command line on individual servers. I had a plan to write it as an app and share it across all tiers, but just wanted to check if
(I'm aware of https://answers.splunk.com/answers/694707/is-there-a-way-to-run-cmd-btool-check-via-rest.html , but that's the same effort as writing an app across all tiers)
If you want, download the Config Explorer app; in that you can run things like btool and other things in the UI.
Be generous and leave a like if it helps 🙂
esix_splunk's answer is great and using rest searches worked for us on-prem; however, Splunk Cloud doesn't allow you to query the indexers, for some security reason. I'm pretty sure they wouldn't allow a scripted input running btool on the indexers either.
Someone at Splunk recommended https://splunkbase.splunk.com/app/6368/ and we had no trouble getting it installed on cloud and it's working well for us. Not sure how it does it but it works.
The configuration errors are being recorded in splunkd_stdout.log with "Invalid key in stanza" during server restart. It may be worth getting this information from this log instead of running the rest command.
There is no btool endpoint; however, you can access all of the configurations on the machine via the conf-file endpoints:
https://servername:mgmt/services/configs/conf-{file}
So you can do https://localhost:8089/services/configs/conf-props or https://localhost:8089/services/configs/conf-server.
Additionally, you can do this via SPL:
| rest splunk_server=local /services/configs/conf-props | transpose
If you do this in a distributed environment, be aware of your peers and adjust the splunk_server= to the servers you want to collect the configs from.
Also a great idea. But any way to ensure the [stanza] can be attached to each item?
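An added example, not part of the original answer and not Splunk's own code: it flattens a conf-file endpoint response into one row per setting so the stanza and owning app stay attached to every key, similar to how btool lists settings. It assumes the response was requested with output_mode=json and has the usual entry[].name, entry[].acl.app and entry[].content layout; the sample response is constructed and the helper names flatten_conf and render are hypothetical.

```python
import json

# Constructed sample of a /services/configs/conf-props response in JSON form
# (trimmed; a real response carries more fields per entry).
SAMPLE_RESPONSE = """
{
  "entry": [
    {"name": "syslog",
     "acl": {"app": "search", "sharing": "global"},
     "content": {"TIME_FORMAT": "%b %d %H:%M:%S", "SHOULD_LINEMERGE": false,
                 "eai:appName": "search", "disabled": false}},
    {"name": "source::/var/log/app.log",
     "acl": {"app": "my_app", "sharing": "app"},
     "content": {"sourcetype": "app_log", "eai:appName": "my_app"}}
  ]
}
"""


def flatten_conf(response, conf_name):
    """Return one dict per setting, each carrying its stanza and app."""
    rows = []
    for entry in response.get("entry", []):
        stanza = entry.get("name", "")            # entry name is the [stanza]
        app = entry.get("acl", {}).get("app", "")  # app that owns the stanza
        for key, value in sorted(entry.get("content", {}).items()):
            if key.startswith("eai:"):             # REST metadata, not a setting
                continue
            rows.append({"conf": conf_name, "app": app,
                         "stanza": stanza, "key": key, "value": value})
    return rows


def render(rows):
    """Format rows as btool-like lines for review or diffing between hosts."""
    return ["{conf}.conf [{stanza}] {key} = {value} (app={app})".format(**r)
            for r in rows]


if __name__ == "__main__":
    for line in render(flatten_conf(json.loads(SAMPLE_RESPONSE), "props")):
        print(line)
```

Saving the rendered lines per host gives a plain-text file that can be diffed to spot configuration drift between servers.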
What do you mean to each item?
Hi @koshyk
I am pretty sure there is no REST API to get the output of btool. I wrote an app that runs btool on a server and saves it to a file (it then commits the files to a git repository). You could pick apart my code to do what you want. The app is here https://splunkbase.splunk.com/app/4182/#/overview and here are the lines of code you can use: https://github.com/ChrisYounger/git_for_splunk/blob/master/bin/input_module_gitforsplunk.py#L51
Hope you find this helpful
Much appreciated. Upvoted
I was thinking of a similar approach as an app myself, as I was thinking of making it a simpler scripted-input-based approach. But it is quite painful for us to get into all tiers of a huge Splunk environment.
Hopefully will wait for any other ideas and will accept in a few days.