Documentation > Splunk > Admin Manual > Configuration file list

Admin Manual

 


How Splunk Works
Getting Started
Data Inputs
Data Distribution
Indexing
Timestamps
Fields
Hosts
Source Types
Event Types
Transaction Types
Search
Distributed Search
Security
Data Management
Deployment Server
Performance Tuning
Configuration Files
Applications
Reference
Troubleshooting

Configuration file list

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Configuration file list

Here is a list of all Splunk's configuration files with descriptions. Descriptions link to configuration instructions. Examples and specifications for each configuration file are contained in $SPLUNK_HOME/etc/bundles/README/.


FilePurpose
alert_actions.confCustomize Splunk's global alerting actions.
audit.confConfigure auditing and event hashing.
authentication.confToggle between Splunk's built-in authentication or LDAP. Configure LDAP.
authorize.confConfigure roles, including granular access controls.
deployment_server.confSet up deployment servers and clients.
decorations.confCustomize dynamic event rendering.
eventdiscoverer.confSet terms to ignore for typelearner (event discovery).
eventtypes.confCreate event type definitions.
fields.confCreate multivalue fields and add search capability for indexed fields.
field_actions.confEnable clickable actions on fields in SplunkWeb.
indexes.confManage and configure index settings.
inputs.confSet up data inputs.
literals.confCustomize the text displayed in Splunk Web.
multikv.confConfigure extraction rules for table-like events (eg ps, netstat, ls).
outputs.confSet up forwarding, routing, cloning and data balancing.
prefs.confSpecify user preferences and dashboards for Splunk Web.
props.confSet indexing property configurations, including timezone offset and custom sourcetype rules. Also map transforms to event properties.
restmap.confConfigure REST endpoints.
savedsearches.confDefine saved searches and their associated schedules and alerts.
segmenters.confCustomize segmentation rules for indexed events.
server.confEnable SSL for Splunk's back-end and specify certification locations.
sourceclassifier.confTerms to ignore (eg sensitive data) when creating a sourcetype.
sourcetypes.confMachine-generated file that stores sourcetype learning rules created by sourcetype training.
streams.confConfigure additional streams for Live tail.
transactiontypes.confAdd additional transaction types for transaction search.
transforms.confConfigure regex transformations to perform on data inputs. Use in tandem with props.conf.
user_seed.confSet a default user and password.
web.confConfigure Splunk Web, enable HTTPs.
Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.2.4/Admin/ConfigurationFileList"

This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!