An overview of Splunk .conf files

If you have spent any time in the filesystem investigating Splunk, you have seen many different files ending in .conf. In this section, we will give a quick overview of the most common .conf files. The official documentation is the best place to look for a complete reference of files and attributes.

Note

The quickest way to find the official documentation is with your favorite search engine by searching for splunk filename.conf. For example, a search for splunk props.conf pulls up the Splunk documentation for props.conf first in every search engine I tested.

props.conf

The stanzas in props.conf define which events to match based on host, source, and sourcetype. These stanzas are merged into the master configuration ...

Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

An overview of Splunk .conf files

Note

props.conf

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly