Understanding Configuration Paths and Files
Even though all the Routes, Pipelines, and Functions can be managed from the UI, it's important to understand how the configuration works under the hood. At the time of this writing this is how configuration paths and files are laid on the filesystem.
| Standalone Install: Splunk App Install: |
|---|
All paths below are relative to $CRIBL_HOME.
Default Configurations |
|
|---|---|
Local Configurations |
|
System Configuration |
|
API Configuration |
|
Source Configuration |
|
Destination Configuration |
|
License Configuration |
|
Regexes Configuration |
|
Breakers Configuration |
|
Limits Configuration |
|
Pipelines Configuration |
|
Routes Configuration |
|
Functions |
|
Functions Conf |
|
Configurations and Restart
- Any configuration changes resulting from UI interactions, for instance, changing the order of functions in a pipeline, or changing the order of routes, do not require restarts.
- All Cribl LogStream configuration file changes resulting from direct file manipulations in
(bin|local|default)/cribl/...will require restarts. - Worker Nodes might temporarily disappear from the Master's Workers tab while restarting.
- In the case of a Cribl App for Splunk, Splunk configurations file changes might or might not require restarts. Please check with recent Splunk docs.
Configuration Layering and Precedence
Similar to most *nix systems, Cribl configurations in local take precedence over those in default. There is no layering of configuration files.
Editing Configuration Files Manually
When config files must be edited manually, save all changes in
local.
Updated 2 months ago