Understanding Configuration Paths and Files
Even though all LogStream Routes, Pipelines, and Functions can be managed from the UI, it's important to understand how the configuration works under the hood. Here is how configuration paths and files are laid out on the filesystem.
|Path Placeholder||Expanded Path|
|Standalone Install: |
Cribl App for Splunk Install:
Out-of-the-box defaults (rewritable) and libraries (expandable)
User-created integrations and resources
Each Pipeline's conf is contained therein.
Each function's code, conf is contained therein.
Each function's conf is contained therein.
RBAC Role definitions. See roles.yml.
RBAC Policy definitions. See policies.yml.
Configurations and Restart
- Configuration changes resulting from most UI interactions – for instance, changing the order of Functions in a Pipeline, or changing the order of Routes – do not require restarts.
- Some configuration changes in the Settings UI do require restarts. You will be prompted to confirm before restarting.
- All direct edits to configuration files in
(bin|local|default)/cribl/...will require restarts.
- Worker Nodes might temporarily disappear from the Leader's Workers tab while restarting.
- When using the Cribl App for Splunk, changes to Splunk configuration files might or might not require restarts. Please check current Splunk docs.
Configuration Layering and Precedence
Similar to most *nix systems, Cribl configurations in
local take precedence over those in
default. There is no layering of configuration files.
Editing Configuration Files Manually
When config files must be edited manually, save all changes in