Hi everyone,
We are currently looking a config file(s) that consist of the details below, instead of running executables. Running the executables require privileged access, which we are trying to limit. Are there any config files that we can check that has the outputs below. If yes, please share the relevant config files details.
#./splunk display listen
#./splunk show deploy-poll
#./splunk list forward-server
#./splunk show servername
#./splunk show default-hostname
# /opt/splunkforwarder/bin/splunk list monitor
# /opt/splunkforwarder/bin/splunk version
Thank you. Cheers.
Nestaz
Hi @mnestaz,
All the config files are in the etc folder, anyway the files you're serching are these:
#./splunk display listen ???
#./splunk show deploy-poll $SPLUNK_HOME/etc/system/local/deploymentclient.conf
#./splunk list forward-server $SPLUNK_HOME/etc/system/local/serverclass.conf
#./splunk show servername $SPLUNK_HOME/etc/system/local/server.conf
#./splunk show default-hostname $SPLUNK_HOME/etc/system/local/server.conf
# /opt/splunkforwarder/bin/splunk list monitor ???
# /opt/splunkforwarder/bin/splunk version $SPLUNK_HOME/etc/splunk.version
Ciao.
Giuseppe
@mnestaz Following details might help. An upvote would be appreciated if it helps!
#./splunk display listen | $SPLUNK_HOME/etc/system/local (or) default/ $SPLUNK_HOME/etc/apps/<app_name>/local or default/ Look for inputs.conf find keyword - [splunktcp: |
# /opt/splunkforwarder/bin/splunk list monitor | $SPLUNK_HOME/etc/system/local (or) default/ $SPLUNK_HOME/etc/apps/<app_name>/local or default/ Look for inputs.conf find keyword - [monitor: |