Splunk Enterprise

Can i tweak log.cfg so that splunkd.log contains inputs.conf?

sfmandmdev
Path Finder

I would like to see my list of directories from inputs.conf show up in splunkd.log. It there any attribute value that I can add/tweak from log.cfg in splunk to do that?

0 Karma

Genti
Splunk Employee
Splunk Employee

Well, splunkd.log contains internal logs about what splunk is doing.
inputs.conf contains your list of monitored files, directories, and othe tcp/udp inputs.

As such, splunkd.log cannot contain the file itself. However it does contain information on what is going on with those inputs, for example, it logs when a file is found in a monitored path, when it gets indexed etc.

What exactly are you trying to achieve? Is it a list of all your inputs? if so, try:

./splunk list monitor

or

./splunk cmd btool inputs list --debug

UPDATE
I didn't mention any forwarders, not sure where you got that from...
If all you want to do is see inputs.conf within splunk then add a splunk monitor stanza that contains them, like:

[monitor://<path to your splunk>/etc/.../inputs.conf]

or, you can run the above two commands and write them (pipe) to a file which you then monitor.

Genti
Splunk Employee
Splunk Employee

see updated answer above.

0 Karma

sfmandmdev
Path Finder

I don't want to give my splunk user access to splunk forwarder. I want to be able to see it in the internal logs itself, so that I can search on them via splunk UI- Can splunkd.log contain the list of monitored directories ?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...