1 00:00:02,450 --> 00:00:10,340 The configuration file hierarchy in Splunk at the beginning can be difficult to understand, but I'll
2 00:00:10,340 --> 00:00:19,700 try to make it as simple as I can, and also let us test the configuration and validate how the hierarchy
3 00:00:19,700 --> 00:00:20,180 works.
4 00:00:20,180 --> 00:00:29,330 In our demo instance of Amazon, the hierarchy of Splunk configuration files is arranged as below.
5 00:00:30,570 --> 00:00:34,770 As per their hierarchy in Splunk to override configuration,
6 00:00:35,700 --> 00:00:38,130 the system local is the
7 00:00:39,550 --> 00:00:41,920 holding the highest privilege for
8 00:00:43,040 --> 00:00:44,650 overriding configuration.
9 00:00:44,660 --> 00:00:50,180 Let's say you define some configuration in system local and it's a system local.
10 00:00:50,180 --> 00:00:59,210 It will be under etc/system/local. Whatever configuration you define in this directory will be
11 00:00:59,210 --> 00:01:04,580 overwritten across the configuration which are defined in these three locations.
12 00:01:05,120 --> 00:01:09,740 This will be your highest hierarchy for the Splunk configuration.
13 00:01:10,190 --> 00:01:12,950 The second is the app local.
14 00:01:13,800 --> 00:01:17,580 The app local will be under etc.
15 00:01:19,100 --> 00:01:19,630 It is.
16 00:01:20,980 --> 00:01:21,700 Apps.
17 00:01:22,430 --> 00:01:23,600 One of the apps.
18 00:01:23,600 --> 00:01:27,320 Let's begin with the default app search and.
19 00:01:31,450 --> 00:01:35,230 So there is no local file as of now.
20 00:01:35,230 --> 00:01:42,280 But we can create our own local files. You'll be able to see in our demo Splunk instance, which has
21 00:01:42,280 --> 00:01:43,720 already been started.
22 00:01:44,680 --> 00:01:47,050 So let's see if there is any.
23 00:01:48,990 --> 00:01:50,820 Let me change the font size.
24 00:01:59,030 --> 00:02:00,680 This should be clear enough.
25 00:02:01,610 --> 00:02:02,270 Yes.
26 00:02:03,330 --> 00:02:10,980 But now we know will be using application account called Splunk through order to do real.
27 00:02:14,090 --> 00:02:16,940 For running a Splunk instance.
28 00:02:18,290 --> 00:02:21,350 Let me check whether we have a Splunk instance running.
29 00:02:30,330 --> 00:02:31,420 It is not running.
30 00:02:31,440 --> 00:02:32,760 Let me bring it up.
31 00:02:36,190 --> 00:02:37,510 To start Splunk.
32 00:02:37,840 --> 00:02:40,480 This will be your command, the complete path.
33 00:02:40,480 --> 00:02:46,480 Or you can go to this directory and use the Splunk utility with an argument start.
34 00:03:02,880 --> 00:03:04,650 Now Splunk is up.
35 00:03:06,050 --> 00:03:07,070 Let us see.
36 00:03:08,270 --> 00:03:13,490 We'll go to the Caesars Blanco etc/apps/search
37 00:03:14,300 --> 00:03:15,020 local.
38 00:03:16,330 --> 00:03:24,100 See, there are files which have been created, that is, data models and data which has been edited by
39 00:03:24,100 --> 00:03:26,200 the user or admin.
40 00:03:26,350 --> 00:03:34,960 So this is our apps local location center, etc/apps and the app name followed by local.
41 00:03:34,990 --> 00:03:37,090 This is the second highest
42 00:03:38,600 --> 00:03:41,990 configuration which Splunk can override.
43 00:03:44,560 --> 00:03:46,810 The next is the app default.
44 00:03:46,840 --> 00:03:52,070 Since we are seeing the search local, we'll see the same default location.
45 00:03:52,090 --> 00:03:54,370 I'll go one directory behind.
46 00:03:54,580 --> 00:03:57,000 Let me check the default directory.
47 00:03:57,010 --> 00:03:59,230 So here is our default directory.
48 00:04:00,770 --> 00:04:04,100 So this is the default directory of application.
49 00:04:05,550 --> 00:04:14,610 It has a couple of configuration files which it can override upon system default.
50 00:04:14,760 --> 00:04:20,430 The system default is our least hierarchical. System
51 00:04:20,430 --> 00:04:22,010 local is the highest.
52 00:04:22,020 --> 00:04:30,030 Whatever you define here will be overwritten no matter what is present in these three locations. System
53 00:04:30,030 --> 00:04:32,370 default location contains.
54 00:04:33,900 --> 00:04:36,990 Let me quickly go into system local.
55 00:04:36,990 --> 00:04:44,940 That is Splunk followed by etc/system/local, which contains all the configuration.
56 00:04:46,130 --> 00:04:46,740 Sorry.
57 00:04:46,790 --> 00:04:48,920 Should be system default.
58 00:04:50,520 --> 00:04:58,290 Which contains all the configurations of Splunk so that even if a user misses some of the configuration,
59 00:04:58,290 --> 00:05:01,950 it can start from the default configuration.
60 00:05:03,660 --> 00:05:06,090 As this Splunk process starts up,
61 00:05:06,540 --> 00:05:13,050 let's see how it will pick up the port, HTTP or HTTPS port. First,
62 00:05:13,050 --> 00:05:15,410 it will check for system local.
63 00:05:15,420 --> 00:05:22,530 If it is there, it will ignore all three of these, even if they are mentioned to customize the port,
64 00:05:22,530 --> 00:05:26,590 but anything that is mentioned here will be overwritten.
65 00:05:26,610 --> 00:05:29,640 Similarly, the next step for checking.
66 00:05:29,640 --> 00:05:39,240 If it couldn't find the configuration for the HTTP or HTTPS ports here, it will move to app local.
67 00:05:40,560 --> 00:05:44,670 If it couldn't find here, then it will move on to app default.
68 00:05:44,700 --> 00:05:45,300 If
69 00:05:46,110 --> 00:05:53,130 the user has not defined any of the customization for the HTTP or HTTPS port,
70 00:05:53,130 --> 00:06:01,260 then it will automatically pick up from our Splunk default location, in which all the configuration required
71 00:06:01,260 --> 00:06:05,700 for starting a Splunk instance are defined by default.
72 00:06:06,090 --> 00:06:12,630 So this is as part of your installation package, you will get all this default configuration so that
73 00:06:12,630 --> 00:06:19,680 the Splunk, as soon as you install the package, it will get all the configuration from your system
74 00:06:19,680 --> 00:06:21,120 default location.
75 00:06:21,300 --> 00:06:27,750 So this configuration can be overwritten from any of these locations.