Hi,
We modify the inputs.conf file frequently. I have added the ability to track the changes made in inputs.conf file directly to the file itself. Now I can keep track whatever changes are made in this file.
The problem is every time when some changes are made in this file, Splunk picks the whole file again and it's difficult to compare changes.
So I want to create a dashboard on which i can compare the previous version and current version of inputs.conf so it will be easier to keep track of the changes.
Thanks
Ankit
If I were you I would use a proper change tracking/control mechanism as Splunk is not really designed for that.
I normally recommend all my clients to integrate their apps and system/local directories into SVN or GIT and then use those to track who's making changes, automate deployments, change control, etc etc.
You could even use git-diff or svn diff functionalities to compare your conf files.
And what's even better, configure Splunk to ingest SVN or GIT logs to have full visibility too and populate your dashboards, etc.
Hope that helps as a suggestion.
Thanks,
J