How to add monitor in Splunk?
$ sudo ./splunk [add|edit|remove|list] [monitor|exex|tcp|udp|oneshot]
source - file, directory, scripted input, or socket to manage
How to remove monitor?
$ sudo ./splunk remove monitor /var/log/jenkins
How to set hostname?
$ sudo ./splunk add monitor /var/log/dmesg -hostname rajesh -index newindex
$ sudo ./splunk add monitor /opt/lampp/etc -hostname rajhost -index rajesh
How to upload to new index?
$ sudo ./splunk add monitor /var/log/dmesg -hostname rajesh -index newindex
How to upload a file?
$ sudo ./splunk add oneshot /var/log/applog
$ sudo ./splunk add oneshot C:\Program Files\AppLog\log.txt
$ sudo ./splunk add forward-server <host>:<port> -auth <username>:<password>
Alternatively, if you have many forwarders, you can use an outputs.conf file to specify the receiver. For example:
[tcpout:my_indexers]
server= splunk_indexer.acme.com:9997
This command, <port> is the network port you want the receiver to listen on.
$ sudo ./splunk enable listen <port> -auth <username>:<password>
$ sudo ./splunk enable listen 9997 -auth <username>:<password>
This command below will also show which apps each setting is coming from.
$ sudo ./splunk cmd btool --debug inputs list
Permanently remove event data from an index by typing
$ splunk clean eventdata
$ splunk clean eventdata -index <index_name>
$ splunk stop
$ splunk clean eventdata # To permanently remove data from all indexes
$ splunk stop
$ splunk clean eventdata -index _internal -f # To permanently remove data from _internal
Remove all data from one or all indexes
$ splunk help clean
Remove an index entirely
$ splunk stop
$ splunk remove index main # cannot remove idx=main, is internal
$ splunk remove index <index_name>
Disable an index without removing it
$ splunk disable index <index_name>
Code language: HTML, XML (xml)
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
Find Trusted Cardiac Hospitals
Compare heart hospitals by city and services — all in one place.
Explore Hospitals