Solved: How can I retrieve a value from local .conf file a...

ektasiwani · ‎09-14-2015

Hi,

I have a file in local directory with name myconf.conf .
This file is create by setup form filled by user.
I want to know how can to use this values in splunk query.
Myconf.conf file contain data abount customer name and email and index.
this is what is stored in .conf file

[customerinfo]
custname = eku
custemail = eku@gmail.com
indexmain = main

My requirement is to use this value in search like
indexmain | stats count by custname

Any help is appreciated.

Thanks

bmacias84 · ‎09-14-2015

Hello @ektasiwani,

You can use the rest api to return configurations in Splunk. This works well for Splunk defined or Modular input conf files.

Using configs:

| rest  /services/configs/conf-authorize
OR
| rest  /services/configs/conf-<file>

Using properties endpoint:

| rest  /services/properties/authorize
OR
| rest  /services/properties/<conf_file>

Cheers,

View solution in original post

bmacias84 · ‎09-14-2015

Hello @ektasiwani,

You can use the rest api to return configurations in Splunk. This works well for Splunk defined or Modular input conf files.

Using configs:

| rest  /services/configs/conf-authorize
OR
| rest  /services/configs/conf-<file>

Using properties endpoint:

| rest  /services/properties/authorize
OR
| rest  /services/properties/<conf_file>

Cheers,

How can I retrieve a value from local .conf file and use in splunk query

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

How can I retrieve a value from local .conf file and use in splunk query

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!