[{TableOfContents }]

!!! Commands

|| Task || Command
| Start Splunk | {{bin/splunk start}}
| Stop Splunk | {{bin/splunk stop}}
| Restart Splunk | {{bin/splunk restart}}

!!! Search Commands

!! Show all indices

{{{
| eventcount summarize=false index=* index=_* | dedup index | fields index | sort index
}}}

!!! Configs & Layout

!! Inputs 

| Location | {{etc/system/local/inputs.conf}} 
| Description | File which configures what log files/folders to index locally

%%prettify 
{{{
[default]
host = darcoleo-mbp13

[monitor:///var/log]
index = main
recursive = true

[monitor:///opt/logs/*.stripped.log]
index = scripts
recursive = true

[monitor:///opt/logs/.../*.stripped.log]
index = scripts
recursive = true
}}}
/%

!! Indexes

| Folder Location | {{var/lib/splunk/index_name}} 
| dat file location | {{var/lib/splunk/index_name.dat}} 
| Description | Location of any non-default indexes on an indexer
| conf file location | {{etc/apps/search/local/indexes.conf}}

%%prettify 
{{{
[test_disappear]
coldPath = $SPLUNK_DB/test_disappear/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/test_disappear/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/test_disappear/thaweddb

[scripts]
coldPath = $SPLUNK_DB/scripts/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/scripts/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/scripts/thaweddb
}}}
/%



----
[CategoryArchived.Computing.InformationRetrieval.Splunk]