Table of Contents
Commands#
| Task | Command |
|---|---|
| Start Splunk | bin/splunk start |
| Stop Splunk | bin/splunk stop |
| Restart Splunk | bin/splunk restart |
Search Commands#
Show all indices#
| eventcount summarize=false index=* index=_* | dedup index | fields index | sort index
Configs & Layout#
Inputs #
| Location | etc/system/local/inputs.conf |
| Description | File which configures what log files/folders to index locally |
[default] host = darcoleo-mbp13 [monitor:///var/log] index = main recursive = true [monitor:///opt/logs/*.stripped.log] index = scripts recursive = true [monitor:///opt/logs/.../*.stripped.log] index = scripts recursive = true
Indexes#
| Folder Location | var/lib/splunk/index_name |
| dat file location | var/lib/splunk/index_name.dat |
| Description | Location of any non-default indexes on an indexer |
| conf file location | etc/apps/search/local/indexes.conf |
[test_disappear] coldPath = $SPLUNK_DB/test_disappear/colddb enableDataIntegrityControl = 0 enableTsidxReduction = 0 homePath = $SPLUNK_DB/test_disappear/db maxTotalDataSizeMB = 512000 thawedPath = $SPLUNK_DB/test_disappear/thaweddb [scripts] coldPath = $SPLUNK_DB/scripts/colddb enableDataIntegrityControl = 0 enableTsidxReduction = 0 homePath = $SPLUNK_DB/scripts/db maxTotalDataSizeMB = 512000 thawedPath = $SPLUNK_DB/scripts/thaweddb
CategoryArchived.Computing.InformationRetrieval.Splunk