Command line reference
KSCONF supports the following CLI options:
ksconf
usage: ksconf [-h] [--version] [--force-color] [--disable-color] {attr-get,attr-set,check,combine,diff,filter,merge,minimize,package,promote,rest-export,rest-publish,snapshot,sort,unarchive,xml-format} ... KSCONF: Ksconf Splunk CONFig tool This utility handles a number of common Splunk app maintenance tasks in a small and easy to deploy package. Specifically, this tool deals with many of the nuances with storing Splunk apps in git and pointing live Splunk apps to a git repository. Merging changes from the live system's (local) folder to the version controlled (default) folder and dealing with more than one layer of "default" are all supported tasks which are not native to Splunk. positional arguments: {attr-get,attr-set,check,combine,diff,filter,merge,minimize,package,promote,rest-export,rest-publish,snapshot,sort,unarchive,xml-format} attr-get Get the value from a specific stanzas and attribute attr-set Set the value of a specific stanzas and attribute check Perform basic syntax and sanity checks on .conf files combine Combine configuration files across multiple source directories into a single destination directory. This allows for an arbitrary number of Splunk configuration layers to coexist within a single app. Useful in both ongoing merge and one-time ad-hoc use. diff Compare settings differences between two .conf files ignoring spacing and sort order filter A stanza-aware GREP tool for conf files merge Merge two or more .conf files minimize Minimize the target file by removing entries duplicated in the default conf(s) package Create a Splunk app .spl file from a source directory promote Promote .conf settings between layers using either batch or interactive mode. Frequently this is used to promote conf changes made via the UI (stored in the 'local' folder) to a version-controlled directory, such as 'default'. rest-export Export .conf settings as a curl script to apply to a Splunk instance later (via REST) rest-publish Publish .conf settings to a live Splunk instance via REST snapshot Snapshot .conf file directories into a JSON dump format sort Sort a Splunk .conf file creating a normalized format appropriate for version control unarchive Install or upgrade an existing app in a git-friendly and safe way xml-format Normalize XML view and nav files options: -h, --help show this help message and exit --version show program's version number and exit --force-color Force TTY color mode on. Useful if piping the output a color-aware pager, like 'less -R' --disable-color Disable TTY color mode. This can also be setup as environmental variable: 'export KSCONF_TTY_COLOR=off'
ksconf attr-get
usage: ksconf attr-get [-h] --stanza STANZA --attribute ATTR [--missing-okay] [-o OUTPUT] conf [conf ...] Get a specific stanza and attribute value from a Splunk .conf file. positional arguments: conf Input file or standard input. options: -h, --help show this help message and exit --stanza STANZA, -s STANZA Name of the stanza within CONF to retrieve. --attribute ATTR, --attr ATTR, -a ATTR Name of attribute within STANZA to retrieve. --missing-okay Ignore missing stanzas and attributes. -o OUTPUT, --output OUTPUT File where the filtered results are written. Defaults to standard out.
ksconf attr-set
usage: ksconf attr-set [-h] --stanza STANZA --attribute ATTR [--value-type TYPE] [--create-missing] [--no-overwrite] conf value Set a specific stanza and attribute value of a Splunk .conf file. The value can be provided as a command line argument, file, or environment variable This command does not support preserving leading or trailing whitespace. Normally this is desireable. positional arguments: conf Configuration file to update. value Value to apply to the conf file. Note that this can be a raw text string, or the name of the file, or an environment variable options: -h, --help show this help message and exit --stanza STANZA, -s STANZA Name of the stanza within CONF to set. --attribute ATTR, --attr ATTR, -a ATTR Name of the attribute within STANZA to set. --value-type TYPE, -t TYPE Select the type of VALUE. The default is a string. Alternatively, the real value can be provided within a file, or an environment variable. --create-missing Create a new conf file if it doesn't currently exist. --no-overwrite Only set VALUE if none currently exists. This can be used to safely set a one-time default, but don't update overwrite an existing value.
ksconf check
usage: ksconf check [-h] [--quiet] FILE [FILE ...] Provides basic syntax and sanity checking for Splunk's .conf files. Use Splunk's built-in 'btool check' for a more robust validation of attributes and values. Consider using this utility as part of a pre-commit hook. positional arguments: FILE One or more configuration files to check. If '-' is given, then read a list of files to validate from standard input options: -h, --help show this help message and exit --quiet, -q Reduce the volume of output.
ksconf combine
usage: ksconf combine [-h] --target TARGET [-m {auto,dir.d,disable}] [-q] [-I PATTERN] [-E PATTERN] [--enable-handler {jinja}] [--template-vars TEMPLATE_VARS] [--dry-run] [--follow-symlink] [--banner BANNER] [-K KEEP_EXISTING] [--disable-marker] [--disable-cleanup] source [source ...] Merge .conf settings from multiple source directories into a combined target directory. Configuration files can be stored in a '/etc/*.d' like directory structure and consolidated back into a single 'default' directory. This command supports both one-time operations and recurring merge jobs. For example, this command can be used to combine all users' knowledge objects (stored in 'etc/users') after a server migration, or to merge a single user's settings after their account has been renamed. Recurring operations assume some type of external scheduler is being used. A best-effort is made to only write to target files as needed. The 'combine' command takes your logical layers of configs (upstream, corporate, Splunk admin fixes, and power user knowledge objects, ...) expressed as individual folders and merges them all back into the single 'default' folder that Splunk reads from. One way to keep the 'default' folder up-to-date is using client-side git hooks. No directory layout is mandatory, but taking advantages of the native-support for 'dir.d' layout works well for many uses cases. This idea is borrowed from the Unix System V concept where many services natively read their config files from '/etc/*.d' directories. Version notes: dir.d was added in ksconf 0.8. Starting in 1.0 the default will switch to 'dir.d', so if you need the old behavior be sure to update your scripts. positional arguments: source The source directory where configuration files will be merged from. When multiple source directories are provided, start with the most general and end with the specific; later sources will override values from the earlier ones. Supports wildcards so a typical Unix 'conf.d/##-NAME' directory structure works well. options: -h, --help show this help message and exit --target TARGET, -t TARGET Directory where the merged files will be stored. Typically either 'default' or 'local' -m {auto,dir.d,disable}, --layer-method {auto,dir.d,disable} Set the layer type used by SOURCE. Use 'dir.d' if you have directories like 'MyApp/default.d/##-layer-name', or use 'disable' to manage layers explicitly and avoid any accidental layer detection. By default, 'auto' mode will enable transparent switching between 'dir.d' and 'disable' (legacy) behavior, however this option will be removed in a future release. -q, --quiet Make output a bit less noisy. This may change in the future... -I PATTERN, --include PATTERN Name or pattern of layers to include. -E PATTERN, --exclude PATTERN Name or pattern of layers to exclude from the target. --enable-handler {jinja} Enable optional file handling support --template-vars TEMPLATE_VARS Set template variables as key=value or YAML/JSON, if filename prepend with @ --dry-run, -D Enable dry-run mode. Instead of writing to TARGET, preview changes as a 'diff'. If TARGET doesn't exist, then show the merged file. --follow-symlink, -l Follow symbolic links pointing to directories. Symlinks to files are always followed. --banner BANNER, -b BANNER A banner or warning comment added to the top of the TARGET file. Used to discourage Splunk admins from editing an auto-generated file. -K KEEP_EXISTING, --keep-existing KEEP_EXISTING Existing file(s) to preserve in the TARGET folder. This argument may be used multiple times. --disable-marker Prevents the creation of or checking for the '.ksconf_controlled' marker file safety check. This file is typically used indicate that the destination folder is managed by ksconf. This option should be reserved for well-controlled batch processing scenarios. --disable-cleanup Disable all file removal operations. Skip the cleanup phase that typically removes files in TARGET that no longer exist in SOURCE
ksconf diff
usage: ksconf diff [-h] [-o FILE] [--detail {global,stanza,key}] [--comments] [--format {diff,json}] CONF1 CONF2 Compares the content differences of two .conf files This command ignores textual differences (like order, spacing, and comments) and focuses strictly on comparing stanzas, keys, and values. Note that spaces within any given value, will be compared. Multi-line fields are compared in a more traditional 'diff' output so that long saved searches and macros can be compared more easily. positional arguments: CONF1 Left side of the comparison CONF2 Right side of the comparison options: -h, --help show this help message and exit -o FILE, --output FILE File where difference is stored. Defaults to standard out. --detail {global,stanza,key}, -d {global,stanza,key} Control the highest level for which 'replace' events may occur. --comments, -C Enable comparison of comments. (Unlikely to work consistently) --format {diff,json}, -f {diff,json} Output file format to produce. 'diff' the the classic format used by default. 'json' is helpful when trying to review changes programmatically.
ksconf filter
usage: ksconf filter [-h] [-o FILE] [--comments] [--verbose] [--skip-broken] [--match {regex,wildcard,string}] [--ignore-case] [--invert-match] [--files-with-matches] [--count | --brief] [--stanza PATTERN] [--attr-present ATTR] [--attr-matches ATTR PATTERN] [--attr-not-matches ATTR PATTERN] [--empty-stanzas] [-e | -d] [--keep-attrs WC-ATTR] [--reject-attrs WC-ATTR] CONF [CONF ...] Filter the contents of a conf file in various ways. Stanzas can be included or excluded based on a provided filter or based on the presence or value of a key. Where possible, this command supports GREP-like arguments to bring a familiar feel. positional arguments: CONF Input conf file options: -h, --help show this help message and exit -o FILE, --output FILE File where the filtered results are written. Defaults to standard out. --comments, -C Preserve comments. Comments are discarded by default. --verbose Enable additional output. --skip-broken Skip broken input files. Without this things like duplicate stanzas and invalid entries will cause processing to stop. --match {regex,wildcard,string}, -m {regex,wildcard,string} Specify pattern matching mode. Defaults to 'wildcard' allowing for '*' and '?' matching. Use 'regex' for more power but watch out for shell escaping. Use 'string' to enable literal matching. --ignore-case, -i Ignore case when comparing or matching strings. By default matches are case-sensitive. --invert-match, -v Invert match results. This can be used to show what content does NOT match, or make a backup copy of excluded content. Output mode: Select an alternate output mode. If any of the following options are used, the stanza output is not shown. --files-with-matches, -l List files that match the given search criteria --count, -c Count matching stanzas --brief, -b List name of matching stanzas Stanza selection: Include or exclude entire stanzas using these filter options. All filter options can be provided multiple times. If you have a long list of filters, they can be saved in a file and referenced using the special 'file://' prefix. One entry per line. Entries can be either a literal strings, wildcards, or regexes, depending on MATCH. --stanza PATTERN Match any stanza who's name matches the given pattern. PATTERN supports bulk patterns via the 'file://' prefix. --attr-present ATTR Match any stanza that includes the ATTR attribute. ATTR supports bulk attribute patterns via the 'file://' prefix. --attr-matches ATTR PATTERN, --attr-eq ATTR PATTERN Match any stanza containing ATTR == PATTERN. PATTERN supports the special 'file://filename' syntax. Matching can be a direct string comparison (equals), or a regex and wildcard match. Note that all '--attr- match' and '--attr-not-match' arguments are matched together. For a stanza to match, all rules must apply. If attr is missing from a stanza, the value becomes an empty string for matching purposes. --attr-not-matches ATTR PATTERN, --attr-ne ATTR PATTERN Match any stanza containing ATTR != PATTERN. See '-- attr-matches' for additional details. --empty-stanzas Show only empty stanzas. This is incompatible with manyother attribute filter options. -e, --enabled-only Keep only enabled stanzas. Any stanza containing 'disabled = 1' will be removed. The value of 'disabled' is assumed to be false by default. -d, --disabled-only Keep disabled stanzas only. The value of the `disabled` attribute is interpreted as a boolean. Attribute selection: Include or exclude attributes passed through. By default, all attributes are preserved. Allowlist (keep) operations are preformed before blocklist (reject) operations. --keep-attrs WC-ATTR Select which attribute(s) will be preserved. This space separated list of attributes indicates what to preserve. Supports wildcards. --reject-attrs WC-ATTR Select which attribute(s) will be discarded. This space separated list of attributes indicates what to discard. Supports wildcards.
ksconf merge
usage: ksconf merge [-h] [--target TARGET] [--ignore-missing] [--in-place] [--dry-run] [--banner BANNER] conf [conf ...] Merge two or more .conf files into a single combined .conf file. This is similar to the way that Splunk logically combines the 'default' and 'local' folders at runtime. positional arguments: conf The source configuration file(s) to collect settings from. options: -h, --help show this help message and exit --target TARGET, -t TARGET Destination file for merged configurations. If not provided, the merged conf is written to standard output. --ignore-missing, -s Silently ignore any missing CONF files. --in-place, -i Enable in-place update mode. When selected, the TARGET file will also be considered as the base of the merge operation. All CONF files will be merged with TARGET. When disabled, any existing content within TARGET is ignored and overwritten. --dry-run, -D Enable dry-run mode. Instead of writing to TARGET, preview changes in 'diff' format. If TARGET doesn't exist, then show the merged file. --banner BANNER, -b BANNER A banner or warning comment added to the top of the TARGET file. Used to discourage Splunk admins from editing an auto-generated file.
ksconf minimize
usage: ksconf minimize [-h] [--target TARGET] [--dry-run | --output OUTPUT] [--explode-default] [-k PRESERVE_KEY] CONF [CONF ...] Minimize a conf file by removing any duplicated default settings. Reduce a local conf file to only your intended changes without manually tracking which entries you've edited. Minimizing local conf files makes your local customizations easier to read and often results in cleaner upgrades. positional arguments: CONF The default configuration file(s) used to determine what base settings are. The base settings determine what is unnecessary to repeat in target file. options: -h, --help show this help message and exit --target TARGET, -t TARGET The local file that you wish to remove duplicate settings from. This file will be read from and then replaced with a minimized version. --dry-run, -D Enable dry-run mode. Instead of writing and minimizing the TARGET file, preview what would be removed as a 'diff'. --output OUTPUT Write the minimized output to a separate file instead of updating TARGET. --explode-default, -E Enable minimization across stanzas for special use- cases. Helpful when dealing with stanzas downloaded from a REST endpoint or 'btool list' output. -k PRESERVE_KEY, --preserve-key PRESERVE_KEY Specify attributes that should always be kept.
ksconf package
usage: ksconf package [-h] [-f SPL] [--app-name APP_NAME] [--blocklist BLOCKLIST] [--allowlist ALLOWLIST] [--layer-method {dir.d,disable}] [-I PATTERN] [-E PATTERN] [--enable-handler {jinja}] [--template-vars TEMPLATE_VARS] [--follow-symlink] [--set-version VERSION] [--set-build BUILD] [--allow-local | --block-local | --merge-local] [--release-file RELEASE_FILE] SOURCE Create a Splunk app or add on tarball ('.spl') file from an app directory. 'ksconf package' can do useful things like, exclude unwanted files, combine layers, set the application version and build number, drop or promote the 'local' directory into 'default'. Note that some arguments, like the 'FILE' support special values that can be automatically evaluated at runtime. For example the placeholders '{{version}}' or '{{git_tag}}' can be expanded into the output tarball filename. If both layering and templating are in use at the same time, be aware that templates are rendered prior to layering operations. This allows, for example, one layer to include a simple 'indexes.conf' file and another layer to include an 'indexes.conf.j2' template. positional arguments: SOURCE Source directory for the Splunk app. options: -h, --help show this help message and exit -f SPL, --file SPL Name of splunk app file (tarball) to create. Placeholder variables in '{{var}}' syntax can be used here. --app-name APP_NAME Specify the top-level app folder name. If this is not given, the app folder name is automatically extracted from the basename of SOURCE. Placeholder variables, such as '{{app_id}}' can be used here. --blocklist BLOCKLIST, -b BLOCKLIST Pattern for files/directories to exclude. Can be given multiple times. You can load multiple exclusions from disk by using 'file://path' which can be used with '.gitignore' for example. (Default includes: '.git*', '*.py[co]', '__pycache__', '.DS_Store') --allowlist ALLOWLIST, -a ALLOWLIST Remove a pattern that was previously added to the blocklist. --enable-handler {jinja} Enable optional file handling support --template-vars TEMPLATE_VARS Set template variables as key=value or YAML/JSON, if filename prepend with @ --follow-symlink, -l Follow symbolic links pointing to directories. Symlinks to files are always followed. --set-version VERSION Set application version. By default the application version is read from default/app.conf. Placeholder variables such as '{{git_tag}}' can be used here. --set-build BUILD Set application build number. --allow-local Allow the 'local' folder to be kept as-is WARNING: This goes against Splunk packaging practices, and will cause AppInspect to fail. However, this option can be useful for private package transfers between servers, app backups, or other admin-like tasks. --block-local Block the 'local' folder and 'local.meta' from the package. --merge-local Merge any files in 'local' into the 'default' folder during packaging. This is the default behavior. Layer filtering: If the app being packaged includes multiple layers, these arguments can be used to control which ones should be included in the final app file. If no layer options are specified, then all layers will be included. --layer-method {dir.d,disable} Set the layer type used by SOURCE. Additional description provided in in the 'combine' command. -I PATTERN, --include PATTERN Name or pattern of layers to include. -E PATTERN, --exclude PATTERN Name or pattern of layers to exclude from the target. Advanced Build Options: The following options are for more advanced app building workflows. --release-file RELEASE_FILE Write the path of the newly generated archive file (SPL) after the archive is written. This is useful in build scripts when the SPL contains variables so the final name may not be known ahead of time.
ksconf promote
usage: ksconf promote [-h] [--batch | --interactive | --summary | --diff] [--verbose] [--match {regex,wildcard,string}] [--ignore-case] [--invert-match] [--stanza PATTERN] [--force] [--keep] [--keep-empty] SOURCE TARGET Propagate .conf settings applied in one file to another. Typically this is used to move 'local' changes (made via the UI) into another layer, such as the 'default' or a named 'default.d/50-xxxxx') folder. Promote has two modes: batch and interactive. In batch mode, all changes are applied automatically and the (now empty) source file is removed. In interactive mode, the user is prompted to select stanzas to promote. This way local changes can be held without being promoted. NOTE: Changes are *MOVED* not copied, unless '--keep' is used. positional arguments: SOURCE The source configuration file to pull changes from. (Typically the 'local' conf file) TARGET Configuration file or directory to push the changes into. (Typically the 'default' folder) options: -h, --help show this help message and exit --batch, -b Use batch mode where all configuration settings are automatically promoted. All changes are removed from source and applied to target. The source file will be removed unless '--keep-empty' is used. --interactive, -i Enable interactive mode where the user will be prompted to approve the promotion of specific stanzas and attributes. The user will be able to apply, skip, or edit the changes being promoted. --summary, -s Summarize content that could be promoted. --diff, -d Show the diff of what would be promoted. --verbose Enable additional output. --force, -f Disable safety checks. Don't check to see if SOURCE and TARGET share the same basename. --keep, -k Keep conf settings in the source file. All changes will be copied into the TARGET file instead of being moved there. This is typically a bad idea since local always overrides default. --keep-empty Keep the source file, even if after the settings promotions the file has no content. By default, SOURCE will be removed after all content has been moved into TARGET. Splunk will re-create any necessary local files on the fly. Automatic filtering options: Include or exclude stanzas to promote using these filter options. Stanzas selected by these filters will be promoted. All filter options can be provided multiple times. If you have a long list of filters, they can be saved in a file and referenced using the special 'file://' prefix. One entry per line. --match {regex,wildcard,string}, -m {regex,wildcard,string} Specify pattern matching mode. Defaults to 'wildcard' allowing for '*' and '?' matching. Use 'regex' for more power but watch out for shell escaping. Use 'string' to enable literal matching. --ignore-case Ignore case when comparing or matching strings. By default matches are case-sensitive. --invert-match, -v Invert match results. This can be used to prevent content from being promoted. --stanza PATTERN Promote any stanza with a name matching the given pattern. PATTERN supports bulk patterns via the 'file://' prefix.
ksconf rest-export
usage: ksconf rest-export [-h] [--output FILE] [--disable-auth-output] [--pretty-print] [-u | -D] [--url URL] [--app APP] [--user USER] [--owner OWNER] [--conf TYPE] [--extra-args EXTRA_ARGS] CONF [CONF ...] Build an executable script of the stanzas in a configuration file that can be later applied to a running Splunk instance via the Splunkd REST endpoint. This can be helpful when pushing complex props and transforms to an instance where you only have UI access and can't directly publish an app. positional arguments: CONF Configuration file(s) to export settings from. options: -h, --help show this help message and exit --output FILE, -t FILE Save the shell script output to this file. If not provided, the output is written to standard output. -u, --update Assume that the REST entities already exist. By default, output assumes stanzas are being created. -D, --delete Remove existing REST entities. This is a destructive operation. In this mode, stanza attributes are unnecessary and ignored. NOTE: This works for 'local' entities only; the default folder cannot be updated. --url URL URL of Splunkd. Default: https://localhost:8089 --app APP Set the namespace (app name) for the endpoint --user USER Deprecated. Use --owner instead. --owner OWNER Set the object owner. Typically, the default of 'nobody' is ideal if you want to share the configurations at the app-level. --conf TYPE Explicitly set the configuration file type. By default, this is derived from CONF, but sometimes it's helpful to set this explicitly. Can be any valid Splunk conf file type. Examples include: 'app', 'props', 'tags', 'savedsearches', etc. --extra-args EXTRA_ARGS Extra arguments to pass to all CURL commands. Quote arguments on the command line to prevent confusion between arguments to ksconf vs curl. Output Control: --disable-auth-output Turn off sample login curl commands from the output. --pretty-print, -p Enable pretty-printing. Make shell output a bit more readable by splitting entries across lines.
ksconf rest-publish
usage: ksconf rest-publish [-h] [--conf TYPE] [-m META] [--app APP] [--owner OWNER] [--sharing {user,app,global}] [--url URL] [--user USER] [--pass PASSWORD] [-k] [--session-key SESSION_KEY] [--token TOKEN] [-D] CONF [CONF ...] Publish stanzas in a .conf file to a running Splunk instance via REST. This requires access to the HTTPS endpoint of Splunk. By default, ksconf will handle both the creation of new stanzas and the update of existing stanzas. This can be used to push full configuration stanzas where you only have REST access and can't directly publish an app. Only attributes present in the conf file are pushed. While this may seem obvious, this fact can have profound implications in certain situations, like when using this command for continuous updates. This means that it's possible for the source .conf to ultimately differ from what ends up on the server's .conf file. One way to avoid this, is to explicitly remove an object using '--delete' mode first, and then insert a new copy of the object. Of course, this means that the object will be unavailable. The other impact is that diffs only compares and shows a subset of attribute. Be aware, that for consistency, the configs/conf-TYPE endpoint is used for this command. Therefore, a reload may be required for the server to use the published config settings. positional arguments: CONF Configuration file(s) to export settings from. options: -h, --help show this help message and exit --conf TYPE Explicitly set the configuration file type. By default, this is derived from CONF, but sometimes it's helpful to set this explicitly. Can be any valid Splunk conf file type. Examples include: 'app', 'props', 'tags', 'savedsearches', etc. -m META, --meta META Specify one or more '.meta' files to determine the desired read & write ACLs, owner, and sharing for objects in the CONF file. --app APP Set the namespace (app name) for the endpoint. Default search --owner OWNER Set the user who owns the content. The default of 'nobody' works well for app-level sharing. --sharing {user,app,global} Set the sharing mode. Defaults to 'app'. --url URL URL of Splunkd. Default: https://localhost:8089 --user USER Login username Splunkd. Default: admin --pass PASSWORD Login password Splunkd. Default: changeme -k, --insecure Disable SSL cert validation. --session-key SESSION_KEY Use an existing session token instead of using a username and password to login. --token TOKEN Use a Splunk token (bearer token) -D, --delete Remove existing REST entities. This is a destructive operation. In this mode, stanza attributes are unnecessary. NOTE: This works for 'local' entities only; the default folder cannot be updated.
ksconf snapshot
usage: ksconf snapshot [-h] [--output FILE] [--minimize] PATH [PATH ...] Build a static snapshot of various configuration files stored within a structured json export format. If the .conf files being captured are within a standard Splunk directory structure, then certain metadata and namespace information is assumed based on typical path locations. Individual apps or conf files can be collected as well, but less metadata may be extracted. positional arguments: PATH Directory from which to load configuration files. All .conf and .meta file are included recursively. options: -h, --help show this help message and exit --output FILE, -o FILE Save the snapshot to the named files. If not provided, the snapshot is written to standard output. --minimize Reduce the size of the JSON output by removing whitespace. Reduces readability.
ksconf sort
usage: ksconf sort [-h] [--target FILE | --inplace] [-F] [-q] [-n LINES] FILE [FILE ...] Sort a Splunk .conf file. Sort has two modes: (1) by default, the sorted config file will be echoed to the screen. (2) the config files are updated in-place when the '-i' option is used. Manually managed conf files can be protected against changes by adding a comment containing the string 'KSCONF-NO-SORT' to the top of any .conf file. positional arguments: FILE Input file to sort, or standard input. options: -h, --help show this help message and exit --target FILE, -t FILE File to write results to. Defaults to standard output. --inplace, -i Replace the input file with a sorted version. WARNING: This a potentially destructive operation that may move/remove comments. -n LINES, --newlines LINES Number of lines between stanzas. In-place update arguments: -F, --force Force file sorting for all files, even for files containing the special 'KSCONF-NO-SORT' marker. -q, --quiet Reduce the output. Reports only updated or invalid files. This is useful for pre-commit hooks, for example.
ksconf unarchive
usage: ksconf unarchive [-h] [--dest DIR] [--app-name NAME] [--default-dir DIR] [--exclude EXCLUDE] [--keep KEEP] [--allow-local] [--git-sanity-check {off,changed,untracked,ignored}] [--git-mode {nochange,stage,commit}] [--no-edit] [--git-commit-args GIT_COMMIT_ARGS] SPL Install or overwrite an existing app in a git-friendly way. If the app already exists, steps will be taken to upgrade it safely. The 'default' folder can be redirected to another path (i.e., 'default.d/10-upstream' or other desirable path if you're using the 'ksconf combine' tool to manage extra layers). positional arguments: SPL The path to the archive to install. options: -h, --help show this help message and exit --dest DIR Set the destination path where the archive will be extracted. By default, the current directory is used. Sane values include: etc/apps, etc/deployment-apps, and so on. --app-name NAME The app name to use when expanding the archive. By default, the app name is taken from the archive as the top-level path included in the archive (by convention). --default-dir DIR Name of the directory where the default contents will be stored. This is a useful feature for apps that use a dynamic default directory that's created and managed by the 'combine' mode. --exclude EXCLUDE, -e EXCLUDE Add a file pattern to exclude from extraction. Splunk's pseudo-glob patterns are supported here. '*' for any non-directory match, '...' for ANY (including directories), and '?' for a single character. --keep KEEP, -k KEEP Specify a pattern for files to preserve during an upgrade. Repeat this argument to keep multiple patterns. --allow-local Allow local/* and local.meta files to be extracted from the archive. --git-sanity-check {off,changed,untracked,ignored} By default, 'git status' is run on the destination folder to detect working tree or index modifications before the unarchive process start. Sanity check choices go from least restrictive to most thorough: 'off' prevents all safety checks. 'changed' aborts only upon local modifications to files tracked by git. 'untracked' (the default) looks for changed and untracked files. 'ignored' aborts is (any) local changes, untracked, or ignored files are found. --git-mode {nochange,stage,commit} Set the desired level of git integration. The default mode is *stage*, where new, updated, or removed files are automatically handled for you. To prevent any 'git add' or 'git rm' commands from being run, pick the 'nochange' mode. --no-edit Tell git to skip opening your editor on commit. By default, you will be prompted to review/edit the commit message. (Git Tip: Delete the content of the default message to abort the commit.) --git-commit-args GIT_COMMIT_ARGS, -G GIT_COMMIT_ARGS Extra arguments to pass to 'git'
ksconf xml-format
usage: ksconf xml-format [-h] [--indent INDENT] [--quiet] FILE [FILE ...] Normalize and apply consistent XML indentation and CDATA usage for XML dashboards and navigation files. Technically this could be used on *any* XML file, but certain element names specific to Splunk's simple XML dashboards are handled specially, and therefore could result in unusable results. The expected indentation level is guessed based on the first element indentation, but can be explicitly set if not detectable. positional arguments: FILE One or more XML files to check. If '-' is given, then a list of files is read from standard input options: -h, --help show this help message and exit --indent INDENT Number of spaces. This is only used if indentation cannot be guessed from the existing file. --quiet, -q Reduce the volume of output.