About configuration files in ITE Work
configuration information is stored in configuration files. These files are identified by the .conf
extension and hold the information for different aspects of your ITE Work configurations. These aspects include:
- System settings
- Authentication and authorization information
- KPI, glass table, and deep dive configurations
- Notable event configurations
- Module settings
A single Splunk instance typically has multiple versions of configuration files across several directories. You can have configuration files with the same name in your default, local, and app directories. This creates a layering effect that allows Splunk to determine configuration priorities based on factors such as the current user and the current app.
For a list of ITE Work configuration files and an overview of the area each file covers, see List of ITE Work configuration files in this manual.
Most configuration files come packaged with your ITE Work software in the $SPLUNK_HOME/etc/apps/
directory.
Editing a configuration file
Never change, copy, or move the configuration files in the default directory. Default files must remain intact and in their original location. To change settings for a particular configuration file, you must first create a new version of that file in a non-default directory and then add the settings that you want to change. When you first create this new version of the file, start with an empty file. Do not start from a copy of the file in the default directory.
Before you change any configuration files:
- Learn about how the default configuration files work, and where to put the files that you edit. See Configuration file directories.
- Learn about the structure of the stanzas that comprise configuration files and how the attributes you want to edit are set up. See Configuration file structure.
- Learn how different versions of the same configuration files in different directories are layered and combined. See Configuration file precedence.
- Consult the .spec and .example files for the configuration file. These files reside in the file system in
$SPLUNK_HOME/etc/apps/SA-ITOA/README
or$SPLUNK_HOME/etc/apps/itsi/README
After you are familiar with the configuration file content and directory structure, and understand how to leverage configuration file precedence, see How to edit a configuration file to learn how to safely modify your files.
Use the Service Statistics Dashboard | List of ITE Work configuration files |
This documentation applies to the following versions of Splunk® IT Essentials Work: 4.16.0 Cloud only
Feedback submitted, thanks!