Hey,
I want to be able to edit this file /opt/splunk/etc/system/default/props.conf and add this data input:
[journald]
KV_MODE = json
MAX_TIMESTAMP_LOOKAHEAD = 10
NO_BINARY_CHECK = 1
SHOULD_LINEMERGE = false
TIME_FORMAT = %s
TIME_PREFIX = \"__REALTIME_TIMESTAMP\" : \"
pulldown_type = 1
TZ=UTC
I don't see any way to do it with SPLUNK_CMD
Also didn't find any documentation in https://hub.docker.com/r/splunk/splunk/
Please assist.
... View more