The structure of a Splunk configuration file

The .conf files used by Splunk look very similar to .ini files. A simple configuration looks like this:

#settings for foo
[foo]
bar=1
la = 2

Let's look at the following couple of definitions:

  • stanza: A stanza is used to group attributes. Our stanza in this example is [foo]. A common synonym for this is section. Keep in mind the following key points:
    • A stanza name must be unique in a single file
    • Order does not matter
  • attribute: An attribute is a name-value pair. Our attributes in this example are bar and la. A common synonym is parameter. Keep in mind the following key points:
    • The attribute name must not contain whitespace or the equals sign
    • Each attribute belongs to the stanza defined above; if the attribute ...

Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial