The structure of a Splunk configuration file
The .conf files used by Splunk look very similar to .ini files. A simple configuration looks like this:

    #settings for foo
    [foo]
    bar=1
    la = 2

Let's look at the following couple of definitions:
stanza: A stanza is used to group attributes. Our stanza in this example is [foo]. A common synonym for this is section. Keep in mind the following key points:
- A stanza name must be unique in a single file
- Order does not matter

attribute: An attribute is a name-value pair. Our attributes in this example are bar and la. A common synonym is parameter. Keep in mind the following key points:
- The attribute name must not contain whitespace or the equals sign
- Each attribute belongs to the stanza defined above; if the attribute appears above all stanzas, the attribute belongs to the stanza [default]
- The attribute name must be unique in a single stanza but not in a configuration
- Each attribute must have its own line and can only use one line
- Spaces around the equal sign...
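
The rules above can be checked mechanically before a .conf file is deployed. The following Python linter is an added example, not code from the original text or from Splunk; the names lint_conf and SAMPLE are hypothetical, and trimming whitespace around the equals sign is an assumption based on the "la = 2" line in the sample configuration.

```python
import re

# Constructed sample: the page's example plus lines that break its rules.
SAMPLE = """\
#settings for foo
top = 0
[foo]
bar=1
la = 2
bar=3
bad name = 4
[foo]
"""

STANZA_RE = re.compile(r"^\[(?P<name>[^\]]*)\]$")

def lint_conf(text):
    """Parse .conf text; return (stanzas, findings) per the rules listed above."""
    stanzas = {"default": {}}  # attributes above all stanzas land in [default]
    current, findings, seen_headers = "default", [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = STANZA_RE.match(line)
        if m:
            current = m.group("name")
            if current in seen_headers:
                findings.append((lineno, f"duplicate stanza [{current}]"))
            seen_headers.add(current)
            stanzas.setdefault(current, {})
            continue
        # Splitting on the first "=" means a name can never contain one.
        name, sep, value = line.partition("=")
        name = name.strip()  # assumption: spaces around "=" are not significant
        if not sep:
            findings.append((lineno, "not a name=value pair"))
            continue
        if not name or any(c.isspace() for c in name):
            findings.append((lineno, f"invalid attribute name {name!r}"))
            continue
        if name in stanzas[current]:
            findings.append((lineno, f"duplicate attribute {name!r} in [{current}]"))
        # This example keeps the last value seen; that is its own choice.
        stanzas[current][name] = value.strip()
    return stanzas, findings

if __name__ == "__main__":
    print(lint_conf(SAMPLE))
```

Each finding is a (line number, message) pair, so the result can gate a configuration change in review or CI.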