O'Reilly logo

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The structure of a Splunk configuration file

The .conf files used by Splunk look very similar to .ini files. A simple configuration looks like this:

#settings for foo
[foo]
bar=1
la = 2

Let's look at the following couple of definitions:

  • stanza: A stanza is used to group attributes. Our stanza in this example is [foo]. A common synonym for this is section. Keep in mind the following key points:
    • A stanza name must be unique in a single file
    • Order does not matter
  • attribute: An attribute is a name-value pair. Our attributes in this example are bar and la. A common synonym is parameter. Keep in mind the following key points:
    • The attribute name must not contain whitespace or the equals sign
    • Each attribute belongs to the stanza defined above; if the attribute ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required