Configuration stanza precedence vs Configuration f...

ankithreddy777 · ‎08-09-2018

For props.conf which has highest precedence.

In documentation, they said
[source::] settings override both [host::] and [] settings

1) if props.conf is in ..etc/system/local

[sourcetype1]
TIME_FORMAT=.....

...

2) And props.conf in etc/apps/app1/local/
[source::....]
TIME_FORMAT=.....

...

we know system/local has higher priority than app1/local.... But has high priority over

Could you please let me know which TIME_FORMAT setting will be applied,.
from system/local? OR App1/local?

Conf. file location precedence is higher OR stanza type precedence is higher?

adonio · ‎08-09-2018

system/local takes precedence
however, you are looking at different stanzas, iirc sourcetype akes precedence over host and source
read here all the way:
http://docs.splunk.com/Documentation/Splunk/7.1.2/Admin/Wheretofindtheconfigurationfiles

ankithreddy777 · ‎08-09-2018

Hi Adonia,

I am looking at different stanzas at different locations.

we know system/local has higher priority than app1/local.... But source has high priority over sourcetype.

Does source settings will be applied even though place at low precedence location.

Configuration stanza precedence vs Configuration file location precedence?