Even though all the Routes, Pipelines, and Functions can be managed from the UI, it's important to understand how the configuration works under the hood. At the time of this writing this is how configuration paths and files are laid on the filesystem.
Splunk App Install:
All paths below are relative to
Each pipeline's conf is contained therein
Each function's code, conf is contained therein
Each function's conf contained therein.
- Any configuration changes resulting from UI interactions, for instance, changing the order of functions in a pipeline, or changing the order of routes, do not require restarts.
- All Cribl LogStream configuration file changes resulting from direct file manipulations in
(bin|local|default)/cribl/...will require restarts.
- In the case of a Cribl App for Splunk, Splunk configurations file changes may or may not require restarts. Please check with recent Splunk docs.
Similar to most *nix systems, Cribl configurations in
local take precedence over those in
default. There is no layering of configuration files.
Editing Configuration Files Manually
When config files must be edited manually, all changes should be done in
Updated 6 months ago