Can i tweak log.cfg so that splunkd.log contains i...

sfmandmdev · ‎01-18-2011

I would like to see my list of directories from inputs.conf show up in splunkd.log. It there any attribute value that I can add/tweak from log.cfg in splunk to do that?

Genti · ‎01-18-2011

Well, splunkd.log contains internal logs about what splunk is doing.
inputs.conf contains your list of monitored files, directories, and othe tcp/udp inputs.

As such, splunkd.log cannot contain the file itself. However it does contain information on what is going on with those inputs, for example, it logs when a file is found in a monitored path, when it gets indexed etc.

What exactly are you trying to achieve? Is it a list of all your inputs? if so, try:

./splunk list monitor

or

./splunk cmd btool inputs list --debug

UPDATE
I didn't mention any forwarders, not sure where you got that from...
If all you want to do is see inputs.conf within splunk then add a splunk monitor stanza that contains them, like:

[monitor://<path to your splunk>/etc/.../inputs.conf]

or, you can run the above two commands and write them (pipe) to a file which you then monitor.

Genti · ‎01-18-2011

see updated answer above.

sfmandmdev · ‎01-18-2011

I don't want to give my splunk user access to splunk forwarder. I want to be able to see it in the internal logs itself, so that I can search on them via splunk UI- Can splunkd.log contain the list of monitored directories ?

Can i tweak log.cfg so that splunkd.log contains inputs.conf?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases