Splunk® IT Essentials Work

Administration Manual

This documentation does not apply to the most recent version of Splunk® IT Essentials Work. For documentation on the most recent version, go to the latest release.

About configuration files in ITE Work

configuration information is stored in configuration files. These files are identified by the .conf extension and hold the information for different aspects of your ITE Work configurations. These aspects include:

  • System settings
  • Authentication and authorization information
  • KPI, glass table, and deep dive configurations
  • Notable event configurations
  • Module settings

A single Splunk instance typically has multiple versions of configuration files across several directories. You can have configuration files with the same name in your default, local, and app directories. This creates a layering effect that allows Splunk to determine configuration priorities based on factors such as the current user and the current app.

For a list of ITE Work configuration files and an overview of the area each file covers, see List of ITE Work configuration files in this manual.

Most configuration files come packaged with your ITE Work software in the $SPLUNK_HOME/etc/apps/ directory.

Editing a configuration file

Never change, copy, or move the configuration files in the default directory. Default files must remain intact and in their original location. To change settings for a particular configuration file, you must first create a new version of that file in a non-default directory and then add the settings that you want to change. When you first create this new version of the file, start with an empty file. Do not start from a copy of the file in the default directory.

Before you change any configuration files:

  • Learn about how the default configuration files work, and where to put the files that you edit. See Configuration file directories.
  • Learn about the structure of the stanzas that comprise configuration files and how the attributes you want to edit are set up. See Configuration file structure.
  • Learn how different versions of the same configuration files in different directories are layered and combined. See Configuration file precedence.
  • Consult the .spec and .example files for the configuration file. These files reside in the file system in $SPLUNK_HOME/etc/apps/SA-ITOA/README or $SPLUNK_HOME/etc/apps/itsi/README

After you are familiar with the configuration file content and directory structure, and understand how to leverage configuration file precedence, see How to edit a configuration file to learn how to safely modify your files.

Last modified on 19 December, 2023
Use the Service Statistics Dashboard   List of ITE Work configuration files

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.16.0 Cloud only


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters