Hi, I am trying tousebtoolto find an index that is used in an inputs.conf: ./splunk btool inputs list --debug | grep "indexname" However I get nothing back, am I doing something w...
...est_indexer") stops indexing any incoming and local data completely after I add the following configurations: /opt/splunk/etc/system/local/inputs.conf [monitor:///path/to/my/file.log]
index = m...
Newly released Splunk 9 introduced an error or invalid stanza on `federated.conf`. Anybody knows how to fix this? Invalid key in stanza [provider:splunk] in /opt/splunk/etc/system/default/f...
Arg this is so frustrating.
I cant find the nix_action_lookup and I can't find the IDS config.
How do i troubleshoot this error.
Is there a btool shortcut to find where this permissions i...
...IME_FORMAT", etc. Anytime I've made these changes and re-started Splunk, I am able to see them when I use the btool command to check for props settings, so they do seem to be picking up. However, in my G...
...nd ps_sos.sh).
On 1 idx-cluster peer I have the following sets of configurations dumped using btool:
From indexes - (only showing configs that are not from the default indexes.conf)
/opt/s...
I have two separate deployment apps going to separate classes. One we'll call A is working great with full event filtering and blacklisting via $XmlRegex in inputs.conf see below: w...
...akejson output=data | eval _time=date, date=strftime(date,"%Y-%m-%d") | fields data date _time).
Your indexes and inputs configurations are not internally consistent. For more i...
Hi,
I was wondering is there a Splunk command to find out configuration errors? For example, LINE_BrEAKER in props has a typo. So is there anyway we could find out these types of errors?