ksconf snapshot

Build a static snapshot of various configuration files stored within a structured json export format. If the .conf files being captured are within a standard Splunk directory structure, then certain metadata and namespace information is assumed based on typical path locations. Individual apps or conf files can be collected as well, but less metadata may be extracted.

usage: ksconf snapshot [-h] [--output FILE] [--minimize] PATH [PATH ...]

Positional Arguments

PATH Directory from which to load configuration files. All .conf and .meta file are included recursively.

Named Arguments

--output, -o Save the snapshot to the named files. If not provided, the snapshot is written to standard output.
--minimize Reduce the size of the JSON output by removing whitespace. Reduces readability.


Output NOT stable!

The output from this command hasn’t really been tested in any kind of serious way for usability. Consider this a proof-of-concept. Anyone interested in this type of functionality should reach out to discuss uses cases.


ksconf snapshot --output=daily-$(date +%Y-%m-%d).json $SPLUNK_HOME/etc/app/