
Splunk Interview Questions for Admin

3. File precedence

File precedence is an important aspect of troubleshooting in Splunk for administrators, developers, and architects. All of Splunk’s configurations are stored in plain-text .conf files. Multiple copies of each file can exist, so it is important to know the role each copy plays when a Splunk instance is running or restarted.

To determine the priority among copies of a configuration file, Splunk software first determines the directory scheme. The directory schemes are either a) Global or b) App/user.

When the context is global (that is, where there’s no app/user context), directory priority descends in this order:

  1. System local directory — highest priority
  2. App local directories
  3. App default directories
  4. System default directory — lowest priority

When the context is app/user, directory priority descends from user to app to system:

  1. User directories for current user — highest priority
  2. App directories for currently running app (local, followed by default)
  3. App directories for all other apps (local, followed by default) — for exported settings only
  4. System directories (local, followed by default) — lowest priority
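The two orderings above can be modeled in a few lines to see which copy of a setting wins, which is what you need when checking whether a hardened value is actually in effect. This is an added example, not Splunk's own code: the `[demo]` stanza, its keys and values are constructed, paths are relative to the standard `$SPLUNK_HOME/etc` layout, per-attribute merging is assumed, export is simplified to a per-app flag, and the order among multiple apps is whatever the caller passes in.

```python
def directory_order(apps, current_app=None, user=None, exported=()):
    """Return config directories, highest priority first."""
    if current_app is None:  # global context: no app/user
        return (["system/local"]
                + [f"apps/{a}/local" for a in apps]
                + [f"apps/{a}/default" for a in apps]
                + ["system/default"])
    # app/user context: user -> current app -> other apps -> system
    order = [f"users/{user}/{current_app}/local"] if user else []
    order += [f"apps/{current_app}/local", f"apps/{current_app}/default"]
    for a in apps:  # other apps count only for exported settings
        if a != current_app and a in exported:
            order += [f"apps/{a}/local", f"apps/{a}/default"]
    return order + ["system/local", "system/default"]


def resolve(copies, order):
    """Merge per attribute; return {stanza: {key: (value, winning_dir)}}."""
    merged = {}
    for directory in reversed(order):  # lowest priority first, higher overwrites
        for stanza, attrs in copies.get(directory, {}).items():
            for key, value in attrs.items():
                merged.setdefault(stanza, {})[key] = (value, directory)
    return merged


# Constructed copies of one hypothetical .conf file
COPIES = {
    "system/default": {"[demo]": {"alpha": "100", "beta": "30"}},
    "system/local": {"[demo]": {"alpha": "250"}},
    "apps/search/default": {"[demo]": {"alpha": "500"}},
    "apps/search/local": {"[demo]": {"beta": "60"}},
    "apps/other/local": {"[demo]": {"alpha": "900", "gamma": "x"}},
    "users/alice/search/local": {"[demo]": {"beta": "10"}},
}
APPS = ["other", "search"]

if __name__ == "__main__":
    contexts = {
        "global": directory_order(APPS),
        "app/user": directory_order(APPS, "search", "alice"),
        "app/user + export": directory_order(APPS, "search", "alice", {"other"}),
    }
    for name, order in contexts.items():
        print(name)
        for key, (value, src) in sorted(resolve(COPIES, order)["[demo]"].items()):
            print(f"  {key} = {value:<4} <- {src}")
```

In the global context `alpha` comes from `system/local`, while in the app/user context the same key comes from `apps/search/default`, so the same file set yields different effective values depending on context.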
