1
00:00:03,040 --> 00:00:11,830
Once we have completed downloading our Splunk packages, let's understand how the Splunk directory structure

2
00:00:11,830 --> 00:00:18,220
is placed and go through some of the most important directories by default.

3
00:00:18,220 --> 00:00:27,400
The Splunk home, which is referred to as /opt/splunk or C:\Program Files\Splunk on Windows and

4
00:00:27,400 --> 00:00:29,770
/opt/splunk by default on Linux.

5
00:00:31,700 --> 00:00:33,620
It is totally customizable.

6
00:00:33,800 --> 00:00:41,330
And throughout this tutorial, whenever we mention Splunk home, it will be either /opt/splunk or

7
00:00:41,330 --> 00:00:46,100
C:\Program Files\Splunk, based on the OS we are using in the context.

8
00:00:47,710 --> 00:00:53,590
So let's open up an installation or Splunk installation package.

9
00:00:54,160 --> 00:00:57,660
This is what a typical installation package looks like.

10
00:00:57,670 --> 00:01:05,500
As you can see from the top, we are using the RPM package from our downloads to go through the directory

11
00:01:05,500 --> 00:01:06,130
structure.

12
00:01:07,830 --> 00:01:11,730
This will be just inside our Splunk home.

13
00:01:11,730 --> 00:01:14,130
That is /opt/splunk.

14
00:01:15,040 --> 00:01:20,620
Inside of Splunk, we can see there is a bin directory,

15
00:01:22,350 --> 00:01:26,850
which is where all the executables of Splunk are placed.

16
00:01:26,880 --> 00:01:35,460
If you see, there are a lot of executables which are Python, and there are scripts which will be running

17
00:01:36,560 --> 00:01:41,300
based on the invocation from the Splunk process, and

18
00:01:42,990 --> 00:01:53,730
once we go inside bin, there is a custom folder called scripts, which is used for placing user-created

19
00:01:53,730 --> 00:01:54,450
scripts.

20
00:01:54,600 --> 00:01:59,730
We will see how we can utilize this in the future discussions.

21
00:02:01,220 --> 00:02:02,840
Let me go back to

22
00:02:05,990 --> 00:02:08,410
Ah, ah, ah.

23
00:02:08,540 --> 00:02:09,290
Splunk.

24
00:02:11,450 --> 00:02:19,490
The next important directory of Splunk is the etc directory, where the complete configuration files

25
00:02:19,490 --> 00:02:24,200
of the Splunk instance reside. Under etc,

26
00:02:24,230 --> 00:02:31,010
there are many important directories, like apps, where all the applications of Splunk are installed;

27
00:02:31,340 --> 00:02:38,450
deployment-apps, which is used by a deployment server to hold all its clients' applications and push

28
00:02:38,450 --> 00:02:41,900
these applications to the clients;

29
00:02:42,080 --> 00:02:42,830
master-apps,

30
00:02:43,910 --> 00:02:51,860
the indexer cluster or the cluster master, where each holds all the cluster-related applications;

31
00:02:51,860 --> 00:03:00,080
slave-apps, which are used by the members of the cluster or the indexers for holding the configuration;

32
00:03:01,420 --> 00:03:02,860
disabled-apps.

33
00:03:03,250 --> 00:03:04,150
These are

34
00:03:05,180 --> 00:03:06,200
used by

35
00:03:07,570 --> 00:03:13,690
the apps which are disabled on this server, which will be moved into disabled-apps.

36
00:03:14,970 --> 00:03:17,490
And there is, finally, system,

37
00:03:19,720 --> 00:03:27,280
which holds all the configurations which are defined or predefined in a Splunk installation.

38
00:03:28,280 --> 00:03:34,100
Once you are actively using Splunk, you'll become much more familiar with the directory structure of

39
00:03:34,100 --> 00:03:36,020
Splunk and get used to it.

40
00:03:38,310 --> 00:03:39,570
And here,

41
00:03:40,250 --> 00:03:45,950
we are missing one more important directory in the Splunk home.

42
00:03:45,950 --> 00:03:53,600
That is our var directory, since it will be created on the first start of your

43
00:03:55,780 --> 00:03:57,340
Splunk installation.

44
00:03:57,340 --> 00:04:00,910
There are two important locations inside var.

45
00:04:01,450 --> 00:04:02,800
Let me write it down.

46
00:04:03,460 --> 00:04:06,010
The two important locations inside

47
00:04:06,010 --> 00:04:06,610
var.

48
00:04:07,720 --> 00:04:10,870
So it will be Splunk home,

49
00:04:11,760 --> 00:04:12,840
followed by

50
00:04:13,830 --> 00:04:17,610
var/log/splunk.

51
00:04:21,520 --> 00:04:24,010
And the second one will be

52
00:04:24,880 --> 00:04:25,630
var/lib/splunk.

53
00:04:26,910 --> 00:04:35,220
So these two are some of the most important directories under Splunk, which will be created

54
00:04:35,220 --> 00:04:37,890
upon starting of Splunk.

55
00:04:38,610 --> 00:04:48,960
var/log/splunk is where all the logs of Splunk applications are stored, and var/lib/splunk is the

56
00:04:48,960 --> 00:04:57,570
default DB location of Splunk, where all the parsed data is stored along with the metadata information.

57
00:05:02,220 --> 00:05:09,990
That should cover the most commonly used directories, which are very important as part of our day-to-day

58
00:05:10,020 --> 00:05:13,810
activity of a Splunk admin or Splunk architect.

59
00:05:15,640 --> 00:05:23,680
The configuration files of Splunk have a different hierarchy, and they always end with .conf.

60
00:05:27,100 --> 00:05:29,890
In our next discussion, we'll be discussing

61
00:05:30,730 --> 00:05:38,680
about how these configuration files work and what is the hierarchy of configuration when Splunk starts

62
00:05:38,680 --> 00:05:38,980
up.