-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathconfig.example.toml
More file actions
45 lines (37 loc) · 1.83 KB
/
config.example.toml
File metadata and controls
45 lines (37 loc) · 1.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# splunk-cli example configuration
# Copy this file to ~/.config/splunk-cli/config.toml and fill in your values.
# All settings can also be overridden via environment variables (SPLUNK_HOST, etc.)
# or CLI flags.
[splunk]
# Splunk server URL including port (required)
host = "https://your-splunk.example.com:8089"
# Authentication: use either token (recommended) or user + password.
token = ""
# user = ""
# password = ""
# App context for searches (optional, default: no app namespace)
# app = "search"
# Knowledge object owner (default: nobody)
# owner = "nobody"
# Skip TLS certificate verification — use only for self-signed certs in dev
# insecure = false
# Per-request HTTP timeout (default: 30s)
# http_timeout = "30s"
# Maximum results to return per run/results command (0 = all)
# limit = 0
# How splunk-cli wraps the SPL you submit:
# "pipe-only" (default) — prepend "search " unless the SPL starts with "|".
# Matches the historical behavior; if you write
# `search index=foo`, the submitted SPL becomes
# `search search index=foo` (Splunk treats the
# second `search` as a literal token to match).
# "auto" — also skip the prefix when the SPL already starts
# with the `search` command (followed by a space
# or end of string). Convenient if you paste from
# Splunk Web; does not protect against macros that
# expand to a leading command.
# "off" — never prepend. You must supply a complete SPL,
# including any leading `search` or generating
# command.
# Override per-invocation with `--prepend auto|pipe-only|off`.
# prepend = "pipe-only"