useful_splunk_cmd
A list of commonly used Splunk commands, for reference.
command
Manually restart Splunk Web
$SPLUNK_HOME/bin/splunk restart splunkweb -auth <USER>:<PASSWORD>
- Is there a configuration to restart Splunk web without asking for credentials?
Remove an index
- Remove indexes and indexed data
- help command,
splunk help clean
- remove all indexes,
splunk clean eventdata
- remove single index,
splunk clean eventdata -index <index_name>
View Splunk logs
- Is there a way to search for all Splunk error messages?
index=_internal source="*/splunkd.log" | ...