Splunk Commands
Splunk useful commands
$ splunk start --accept-license
$ /opt/splunk/bin/splunk start --accept-license --no-prompt --answer-yes
$ splunk enable boot-start -user splunker
$ splunk version -auth admin:changeme
$ splunk show web-port -auth admin:changeme
$ splunk show splunkd-port -auth admin:changeme (use your own password instead of changeme)
$ splunk show appserver-ports -auth admin:changeme
$ splunk show kvstore-port -auth admin:changeme
$ splunk show servername -auth admin:changeme
$ splunk show default-hostname -auth admin:changeme
$ splunk edit user admin -password newpassword
$ splunk set servername SPLUNK-SEARCH -auth admin:changeme
$ splunk set default-hostname SPLUNK-SEARCH -auth admin:changeme
$ splunk [ start | stop | restart ]
$ splunk show servername -auth admin:changeme
$ splunk show default-hostname -auth admin:changeme
$ splunk show config conf_name
$ splunk btool check
$ splunk show config config_name
$ splunk show config inputs
$ splunk btool conf_name list --debug
$ splunk btool inputs list monitor:///var/log --debug
On Indexer: $ splunk display listen 9997
On Deployment_Server: $ splunk list deploy-clients
On Deployment_Server: $ splunk reload deploy-server
On Forwarder: $ splunk add forward-server Indexer:port
On Forwarder: $ splunk list forward-server
On Forwarder: $ splunk remove forward-server idx:port
On Forwarder: $ splunk set deploy-poll deployment_server:port
On Forwarder: $ splunk show deploy-poll
To remove all data from an index on an indexer: $ splunk clean eventdata -index index_name
Remove the file pointer for a particular source from the fishbucket: $ splunk cmd btprobe -d /opt/splunk/var/lib/splunk/fishbucket/splunk_private_db --file source --reset
Recreate the idx files for a bucket: $ splunk rebuild path_to_bucket
$ splunk add licenses /your-dir/licensefile.xml
$ splunk list license
$ splunk edit licenser-localslave -master_uri https://License_Master:8089
$ splunk list licenser-localslave