Solved: Help on inputs.conf

jip31 · ‎09-19-2023

Hi

I have a basic questions about the inputs.conf file

In our apps, we have a inputs.conf file under etc/apps/test/inputs.conf what is normal

But what is the difference between

etc/system/local/inputs.conf and etc/apps/test/inputs.conf ?

Is the inputs.conf file under system is an agrégation of all the inputs.conf files of every apps? And which inputs.conf file is taking into account first? The one in system or the one in the apps?

Regards

richgalloway · ‎09-19-2023

Yes, Splunk merges the settings for inputs.conf from all enabled apps as well as system/default and system/local to arrive at what the complete list of inputs will be. See the Admin Manual at https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Wheretofindtheconfigurationfiles for a description of configuration file precedence.

Note that etc/apps/test/inputs.conf will be ignored by Splunk because it is not in a local or default directory.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎09-19-2023

Yes, Splunk merges the settings for inputs.conf from all enabled apps as well as system/default and system/local to arrive at what the complete list of inputs will be. See the Admin Manual at https://docs.splunk.com/Documentation/Splunk/9.1.1/Admin/Wheretofindtheconfigurationfiles for a description of configuration file precedence.

Note that etc/apps/test/inputs.conf will be ignored by Splunk because it is not in a local or default directory.

---
If this reply helps you, Karma would be appreciated.

Help on inputs.conf

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...