You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
250 lines
12 KiB
250 lines
12 KiB
[global]
|
|
|
|
write_access = false
|
|
# This enables saving, creating new files/folders, deleting and renaming. This
|
|
# is obviously very dangerous and just like having filesystem access through
|
|
# the operating system, will make it very easy to destroy your Splunk
|
|
# environment if you dont know what you are doing.
|
|
# Defaults to false
|
|
|
|
run_commands = false
|
|
# Enables running commands in the shell, with the user that splunk runs as.
|
|
# Use with caution.
|
|
# Defaults to false
|
|
|
|
hide_settings = false
|
|
# Hide the "Settings" link from the home screen. Note that if write_access
|
|
# is true then settings can still be changed at
|
|
# etc/apps/config_explorer/local/config_explorer.conf. When the Settings link
|
|
# is displayed, it can be changed even when write_access is off. To
|
|
# prevent all editing, set hide_settings = true and write_access = false .
|
|
# Defaults to false.
|
|
|
|
#max_file_size = 10
|
|
# The maximum file size in megabytes that can be opened.
|
|
# Defaults to 10
|
|
|
|
#cache_file_depth = 5
|
|
# Cache the list of files and folders for the left pane to this many levels deep.
|
|
# This makes navigation much faster (especially on windows) but uses more memory,
|
|
# causes slightly slower startup, and will not follow symbolic links. Set to 0 to
|
|
# disable cache but allow caching of visited directories. Set -1 to disable all caching.
|
|
# Defaults to 5
|
|
|
|
#conf_validate_on_save = true
|
|
# Show a green or red indicator in the code gutter of each line if it appears
|
|
# in the btool list output or not. Note: There are some of edge cases where this
|
|
# doesn't work properly, so run btool yourself to confirm.
|
|
# Defaults to true
|
|
|
|
#btool_dir_for_deployment_apps =
|
|
# If this server is a deployment server, then set this property to a sym-linked copy of the deployment-apps folder.
|
|
# this will enable the btool gutter-hinting in config files to work with config in the deployment-apps folder
|
|
# perform these steps to create the sym-linked deployment-apps folder. Note this only works on *nix-based platforms
|
|
# 1. mkdir /opt/splunk/etc/deployment-apps-for-btool/
|
|
# 2. cd /opt/splunk/etc/deployment-apps-for-btool/
|
|
# 3. ln -s /opt/splunk/etc/deployment-apps apps
|
|
# 4. Set this parameter to: btool_dir_for_deployment_apps = /opt/splunk/etc/deployment-apps-for-btool
|
|
# For more info on why the symlinking process is necissary, please see: https://answers.splunk.com/answers/731787
|
|
|
|
#btool_dir_for_master_apps =
|
|
# If this server is a cluster master server, then set this property to a sym-linked copy of the master-apps folder.
|
|
# this will enable the btool gutter-hinting in config files to work with config in the master-apps folder
|
|
# perform these steps to create the sym-linked master-apps folder. Note this only works on *nix-based platforms
|
|
# 1. mkdir /opt/splunk/etc/master-apps-for-btool/
|
|
# 2. cd /opt/splunk/etc/master-apps-for-btool/
|
|
# 3. ln -s /opt/splunk/etc/master-apps apps
|
|
# 4. Set this parameter to: btool_dir_for_master_apps = /opt/splunk/etc/master-apps-for-btool
|
|
# For more info on why the symlinking process is necissary, please see: https://answers.splunk.com/answers/731787
|
|
|
|
#btool_dir_for_manager_apps =
|
|
# If this server is a cluster manager server, then set this property to a sym-linked copy of the manager-apps folder.
|
|
# this will enable the btool gutter-hinting in config files to work with config in the manager-apps folder
|
|
# perform these steps to create the sym-linked manager-apps folder. Note this only works on *nix-based platforms
|
|
# 1. mkdir /opt/splunk/etc/manager-apps-for-btool/
|
|
# 2. cd /opt/splunk/etc/manager-apps-for-btool/
|
|
# 3. ln -s /opt/splunk/etc/manager-apps apps
|
|
# 4. Set this parameter to: btool_dir_for_manager_apps = /opt/splunk/etc/manager-apps-for-btool
|
|
# For more info on why the symlinking process is necissary, please see: https://answers.splunk.com/answers/731787
|
|
|
|
#btool_dir_for_shcluster_apps =
|
|
# This will enable the btool gutter-hinting in config files to work with config in the shcluster/apps folder
|
|
# Enable this if the current server is a search head deployer.
|
|
# There is no need to create a sym-link for this path, however an absolute path to shcluster must be set.
|
|
# e.g. /opt/splunk/etc/shcluster
|
|
|
|
#git_autocommit = false
|
|
# Track all file saves by automatically committing them to git with a generic message.
|
|
# Note you must first configure the git repo using "git init". Please see the documentation.
|
|
# Autocommitting is a 'best effort' and not guaranteed.
|
|
# Defaults to false
|
|
|
|
#git_autocommit_show_output = auto
|
|
# When autocommit is enabled, when should we show the commit log
|
|
# true = Always show git messages
|
|
# false = Never show git output
|
|
# auto = Only show git messages when there is a non-zero status code
|
|
# Defaults to auto
|
|
|
|
#git_autocommit_dir =
|
|
# Force specific git repository location, relative to SPLUNK_HOME directory.
|
|
# Defaults to empty, meaning normal git rules will apply (search up from current directory)
|
|
|
|
#git_autocommit_work_tree =
|
|
# Force root location from where changes are tracked, relative to SPLUNK_HOME directory
|
|
# Set to "etc/" to track all changes beneath etc folder.
|
|
# Defaults to empty, meaning the normal git behavior will apply.
|
|
|
|
#detect_changed_files = true
|
|
# Check if files that are open have changed on the filesystem and warn if so.
|
|
# Defaults to true
|
|
|
|
#master_apps_gutter_unnecissary_config_files = <string>
|
|
# When viewing a config file within a subfolder of the /master-apps/ folder, if it matches this pattern, then a grey indicator
|
|
# will be shown in the gutter with a tooltip that shows: "In most environments, this property is not needed on indexers".
|
|
# In many environments the following configs are not desired on Indexers and can be appended: |restmap|web|inputs
|
|
# Set empty to disable the gray gutter warnings of unnecissary props/transforms config
|
|
# Default: alert_actions|addon_builder|checklist|collections|datamodels|deploymentclient|distsearch|eventgen|eventtypes|macros|savedsearches|tags|times|wmi|workflow_actions
|
|
|
|
#master_apps_gutter_useful_props_and_transforms = <string>
|
|
# When viewing a props or transforms config file within a subfolder of the /master-apps/ folder, if the property does not match
|
|
# this pattern, then a grey indicator will be shown in the gutter with a tooltip that shows:
|
|
# "In most environments, this property is not needed on indexers".
|
|
# Set empty to disable grey highlighting in props and transforms
|
|
# Default: priority|TRUNCATE|LINE_BREAKER|LINE_BREAKER_LOOKBEHIND|SHOULD_LINEMERGE|BREAK_ONLY_BEFORE_DATE|BREAK_ONLY_BEFORE|MUST_BREAK_AFTER|MUST_NOT_BREAK_AFTER|MUST_NOT_BREAK_BEFORE|DATETIME_CONFIG|TIME_PREFIX|MAX_TIMESTAMP_LOOKAHEAD|TIME_FORMAT|TZ|TZ_ALIAS|MAX_DAYS_AGO|MAX_DAYS_HENCE|MAX_DIFF_SECS_AGO|MAX_DIFF_SECS_HENCE|ADD_EXTRA_TIME_FIELDS|METRICS_PROTOCOL|STATSD-DIM-TRANSFORMS|TRANSFORMS|CHECK_FOR_HEADER|SEDCMD|SEGMENTATION|ANNOTATE_PUNCT|description|category|REGEX|FORMAT|MATCH_LIMIT|DEPTH_LIMIT|CLONE_SOURCETYPE|LOOKAHEAD|WRITE_META|DEST_KEY|DEFAULT_VALUE|SOURCE_KEY|REPEAT_MATCH|INGEST_EVAL|REGEX|REMOVE_DIMS_FROM_METRIC_NAME|METRIC
|
|
|
|
#master_apps_gutter_used_sourcetypes = <string>
|
|
# Have you ever wondered if you have parsing stanzas in master-apps/*/*/props.conf that are not being used in your environment?
|
|
# Config Explorer can show an indicator in the gutter for stanzas that do not match the pattern defined here.
|
|
# This does not work on props stanzas like the following "[source::*", "[host::*", "[(*"
|
|
# Use the below search as an administrator to autmatically create the pattern:
|
|
# | metadata type=sourcetypes index=* index=_* | fields sourcetype | format "" "" "" "" "" "" | rex mode=sed field=search "s/\"\s+sourcetype=\"/|/g" | rex mode=sed field=search "s/(\s*sourcetype=|\s*$)//g"
|
|
# Set empty to disable grey highlighting of stanzas that are not used
|
|
# Defaults to empty
|
|
|
|
#master_apps_gutter_used_sourcetypes_date = <string>
|
|
# As the above master_apps_gutter_used_sourcetypes pattern is a one-off snapshot in time, this property allows you to know
|
|
# "how out of date" the above pattern of known sourcetypes is. Must be in the format YYYY-MM-DD
|
|
# Set this to the current date when the above search is run.
|
|
# Defaults to empty
|
|
|
|
#debug_refresh_endpoints = <string>
|
|
# A list of endpoints that will show when you click the button "Debug/refresh endpoint" button on the config explorer home page. Set to a blank string to hide the button.
|
|
|
|
# rest_api_dashboard_list = <bool>
|
|
# Show a new "Splunk REST API" section in the left pane, which allows opening and saving dashboard XML files using the REST API.
|
|
# Defaults to false
|
|
|
|
#dashboard_xml_file_experimental_actions = <bool>
|
|
# Right-clicking on a dashboard XML file will show options to "Attempt view in browser" and "Attempt edit via REST API".
|
|
# When using one of these options its importent to understand that the file that opens might not be the exact file that was clicked on.
|
|
# For example if you click on a XML file in APP/default/data/ui/views/ and there is a file also in APP/local/data/ui/views/, then Splunk
|
|
# will open the "local" version. Private user dashboards may also take priority. Only enable this option if you understand this well.
|
|
# Defaults to false
|
|
|
|
############################################################################
|
|
# Custom action hooks #
|
|
############################################################################
|
|
|
|
# Custom hooks create right-click actions for files that match a regular expression
|
|
# See etc/apps/config_explorer/default/config_explorer.conf for many examples,
|
|
# and read the .spec file. There are links to both these actions in the right click menu.
|
|
|
|
#[hook:<unique_name>]
|
|
#match = .*
|
|
#matchtype = file
|
|
#showWithSave = false
|
|
#label = Test
|
|
#action = run:echo ${BASEFILE}
|
|
#disabled = false
|
|
#showWithSave = true
|
|
#showInPane = both
|
|
#order = 10
|
|
|
|
# An example hook showing how to run "git status" on a folder
|
|
# [hook:git_status]
|
|
# match = .*
|
|
# matchtype = folder
|
|
# label = Git status
|
|
# action = run:cd ${FILE} && git status
|
|
# showWithSave = false
|
|
|
|
# when editing .conf files in "deployment-apps", have an option to run btool
|
|
# this is also useful on search head deployers. See "btool_dirs" above for extra notes.
|
|
# [hook:btool-deployment-apps-for-btool]
|
|
# match = /deployment-apps.*(?:local|default)/[^\/]*\.conf$
|
|
# label = [deployment-apps-for-btool] Run btool on ${BASEFILE}
|
|
# action = btool:${BASEFILE}:/opt/splunk/etc/deployment-apps-for-btool
|
|
# showWithSave = false
|
|
|
|
############################################################################
|
|
# Custom home-tab actions #
|
|
############################################################################
|
|
|
|
# Actions are buttons on the home tab that can be used to run common actions.
|
|
# the run_commands option must be enabled. Read the spec file for hooks which
|
|
# uses the same command options.
|
|
|
|
# Examples below:
|
|
|
|
# [action:ftw]
|
|
# label = Splunk FTW
|
|
# # Linux
|
|
# action = run:echo running bin/splunk ftw ; bin/splunk ftw
|
|
# # Windows
|
|
# action = run:echo running bin\\splunk ftw ; bin\\splunk ftw
|
|
# description = ORLY?
|
|
# disabled = false
|
|
# order = 10
|
|
|
|
# [action:reload_deploy_server]
|
|
# label = Reload deploy-server
|
|
# # Linux
|
|
# action = run:./bin/splunk reload deploy-server
|
|
# # Windows
|
|
# action = run:bin\\splunk reload deploy-server
|
|
# order = 20
|
|
|
|
# Add a home screen button for checking deployment-apps for config errors
|
|
# see "btool_dirs" above for extra notes.
|
|
# [action:btool-deployment-apps-for-btool-check]
|
|
# label = Btool check deployment-apps
|
|
# action = run:./bin/splunk btool check --dir=/opt/splunk/etc/deployment-apps-for-btool
|
|
# description = Check for config errors in deployment-apps folder
|
|
# order = 30
|
|
|
|
# [action:shc_apply_bundle]
|
|
# label = Send bundle to search heads
|
|
# # Linux
|
|
# action = run:./bin/splunk apply shcluster-bundle -target https://FQDN_OF_A_SEARCH_HEAD:8089 --answer-yes
|
|
# # Windows
|
|
# action = run:bin\\splunk apply shcluster-bundle -target https://FQDN_OF_A_SEARCH_HEAD:8089 --answer-yes
|
|
# order = 20
|
|
|
|
# [action:idx_apply_bundle]
|
|
# label = Send bundle to indexers
|
|
# Linux
|
|
# action = run:./bin/splunk apply cluster-bundle --answer-yes
|
|
# Windows
|
|
# action = run:bin\\splunk apply cluster-bundle --answer-yes
|
|
# order = 20
|
|
|
|
# [action:kill_persistant_threads]
|
|
# # Linux only
|
|
# label = Kill persistant threads
|
|
# action = run:echo triggered task to kill threads; nohup sh -c "sleep 2; ps aux | grep \"persistconn\/appserver\" | grep -v \"grep\" | awk '{print \$2}' | xargs kill" >/dev/null 2>&1 &
|
|
# order = 20
|
|
|
|
# [action:restart_splunk_web]
|
|
# # Linux only
|
|
# label = restart splunk-web
|
|
# action = run:echo restart splunkweb triggered; nohup sh -c "sleep 2; ./bin/splunk restart splunkweb" >/dev/null 2>&1 &
|
|
# order = 80
|
|
|
|
# [action:restart_splunk]
|
|
# # Linux only
|
|
# label = restart splunk
|
|
# action = run-safe:echo restart splunk triggered; nohup sh -c "sleep 2; ./bin/splunk restart" >/dev/null 2>&1 &
|
|
# order = 90
|
|
|