What are Bundles?
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
What are Bundles?
A bundle is a directory of one or more configuration files. The majority of Splunk's functionality can be set up through configuration files in any number of bundles. Learn more about bundle configuration.
For each configuration file, there are two reference files; .spec and .example. For example, inputs.conf.spec and inputs.conf.example. The .spec file is a specification of syntax, including which attributes and variables are available. The .example files are helpful examples of real-world usage. These files are all found in the $SPLUNK_HOME/etc/bundles/README directory. Learn more about Splunk's bundle directory structure.
All bundles are housed in $SPLUNK_HOME/etc/bundles/ and must be placed inside a subdirectory to be activated. Bundles can be separated based on functionality, or collapsed into a single subdirectory containing each user-crafted configuration file. Learn more about bundle best practices.
Bundles make packaging customizations easy. Once you have created a working bundle for a single Splunk server, you can then distribute it to target servers through the Splunk deployment server or share them with others through SplunkBase.
This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4 View the Article History for its revisions.