【实践成果】Splunk 9.0 Configuration Change Tracking

Splunk 9.0 引入了新的功能，一个很重要的一个，就是跟踪conguration 文件的变化：

这个很重要的特性，在splunk 9.0 以后才引入，就看server.conf 配置中，9.0 以后的版本才有：

server.conf - Splunk Documentation

Configuration Change Tracker

[config_change_tracker]
disabled = 
* Whether or not splunkd writes configuration changes to the 
  configuration change log at $SPLUNK_HOME/var/log/splunk/configuration_change.log.
* If set to "false", configuration changes are captured in
  $SPLUNK_HOME/var/log/splunk/configuration_change.log.
* If set to "true", configuration changes are not captured
  in $SPLUNK_HOME/var/log/splunk/configuration_change.log.
* Default: false

mode = [auto|diff|track-only]
* Determines the method used by 'config_change_tracker' to t