Commands#
| Task | Command |
|---|
| Start Splunk | bin/splunk start |
| Stop Splunk | bin/splunk stop |
| Restart Splunk | bin/splunk restart |
Search Commands#
Show all indices#
| eventcount summarize=false index=* index=_* | dedup index | fields index | sort index
Configs & Layout#
| Location | etc/system/local/inputs.conf |
| Description | File which configures what log files/folders to index locally |
[default]
host = darcoleo-mbp13
[monitor:///var/log]
index = main
recursive = true
[monitor:///opt/logs/*.stripped.log]
index = scripts
recursive = true
[monitor:///opt/logs/.../*.stripped.log]
index = scripts
recursive = true
Indexes#
| Folder Location | var/lib/splunk/index_name |
| dat file location | var/lib/splunk/index_name.dat |
| Description | Location of any non-default indexes on an indexer |
| conf file location | etc/apps/search/local/indexes.conf |
[test_disappear]
coldPath = $SPLUNK_DB/test_disappear/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/test_disappear/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/test_disappear/thaweddb
[scripts]
coldPath = $SPLUNK_DB/scripts/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/scripts/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/scripts/thaweddb
CategoryArchived.Computing.InformationRetrieval.Splunk