Documentation > Splunk > Troubleshooting Manual > Use btool to troubleshoot configurations

Troubleshooting Manual

 


Welcome to the Troubleshooting Manual
First steps
Splunk log files
Contact Splunk Support
Some common scenarios

Use btool to troubleshoot configurations

Contents

Use btool to troubleshoot configurations

Splunk's configuration file system supports many overlapping configuration files in many different locations. How these configuration files interact with and take precedence over one another is described in "Configuration file precedence" in the Admin Manual. This flexibility can occasionally make it hard to figure out exactly which configuration value Splunk is using.

To help you out, Splunk provides btool. This is a command line tool that can help you troubleshoot configuration file issues or just see what values are being used by your Splunk installation.

Note: btool is not tested by Splunk and is not officially supported or guaranteed. That said, it's what our Support team uses when trying to troubleshoot your issues.

Investigate configuration values of your entire Splunk installation

You can run btool to see all the configuration values in use by your Splunk instance.

From $SPLUNK_HOME/bin type:

./splunk cmd btool <conf_file_prefix> list

where <conf_file_prefix> is the name of the configuration file you're interested in (minus the .conf extension). The list literal specifies that you want to list the options.

For example, to see what settings transforms.conf is using, type:

./splunk cmd btool transforms list

By the way, you'll probably want to send the results of btool into a text file that you can peruse then delete, like this:

./splunk cmd btool transforms list > /tmp/transformsconfigs.txt

Piping to a file is handy for all use cases of btool, but for simplicity we'll only explicitly mention it this once.

Investigate configuration values in one app

You can also run btool for a specific app in your Splunk installation. It will list all the configuration values in use by that app for a given configuration file.

To run btool, go to $SPLUNK_HOME/bin and type:

./splunk cmd btool --app=<app_name> <conf_file_prefix> list

where <app_name> is the name of the app you want to see the configurations for.

For example, if you want to know what configuration options are being used in props.conf by the Search app, type:

./splunk cmd btool --app=search props list

This returns a list of the props.conf settings currently being used for the Search app.

The app name is not required. In fact, it's often a good idea not to specify the app when using btool. In the case of btool, insight into all of your configurations can be helpful.

Learn where configuration values come from

Another thing you can do with btool is find out from which specific app Splunk is pulling its configuration parameters for a given configuration file. To do this, add the --debug flag to btool like in this example for props.conf:

./splunk cmd btool props list --debug


Read about btool syntax in the Admin Manual.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.3/Troubleshooting/Usebtooltotroubleshootconfigurations"

This documentation applies to the following versions of Splunk: 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!