Bundle directory structure

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Bundle directory structure

Bundles are placed into a Splunk installation as subdirectories of $SPLUNK_HOME/etc/bundles/. Your Splunk Server ships with several bundle directories installed. The ones you will need to be aware of are:

default - this is the pre-configured version of configuration files. Do not modify the files in default.
local - this set of configuration files stores modifications you make through the web interface or command line, and is where you should generally make any direct configuration file edits.
learned - this set of configurations are settings created by the Splunk server as it trains on incoming data.
readme - this directory contains example and spec configuration files that can help you create your own configuration files.

The local bundle takes precedence over any other bundle. Read more about bundle precedence.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.0.2/Admin/BundleDirectoryStructure"

« What are Bundles? Bundle precedence »

This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4 View the Article History for its revisions.

Was this topic useful?
Post a comment

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!

Admin Manual

Bundle directory structure

Bundle directory structure

Comments