Getting Data In

Can I use CLI to configure inputs.conf blacklist

tdrisdelle
Engager

Is there any way to use the CLI to configure the blacklist (in inputs.conf) file?

The docs seem to indicate no... but I'm hopeful that I've missed something.

./splunk help edit
required parameters:

(For edit monitor)
    source                      path to a file or directory whose contents should be indexed by the Splunk server, and then watched for new input. The Splunk server unpacks tarfiles and compressed files.

optional parameters:

(For edit monitor)
        sourcetype                  source type value to set for events from the source

        index                       a local Splunk index to place events from the source

        hostname                    host name to set as the host value

        hostregex                   regular expression of file path to set as the host value

        hostsegmentnum              number of segments in the file path to set as the host value

        follow-only                 only read from the end of the file (True|False, default=False)
1 Solution

bmacias84
Champion

@tdrisdelle, No you are not missing anything. Currently the CLI does not offer the ability to edit advanced stanza settings. Just like the GUI, the CLI allows basic add and modify abilities. For more advanced stanaza and settings changes direct conf file edits are required. This is when building TAs and using something like the Deployment Server makes configuration much easier.

View solution in original post

0 Karma

bmacias84
Champion

@tdrisdelle, No you are not missing anything. Currently the CLI does not offer the ability to edit advanced stanza settings. Just like the GUI, the CLI allows basic add and modify abilities. For more advanced stanaza and settings changes direct conf file edits are required. This is when building TAs and using something like the Deployment Server makes configuration much easier.

0 Karma

bondu
Explorer

What is the Operating System you have splunk installed on?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...