{"id":30441,"date":"2022-06-27T11:59:16","date_gmt":"2022-06-27T11:59:16","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=30441"},"modified":"2022-12-23T05:52:35","modified_gmt":"2022-12-23T05:52:35","slug":"splunk-command-line-reference","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/splunk-command-line-reference\/","title":{"rendered":"Splunk Command Line Reference"},"content":{"rendered":"\n<p><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"HTML, XML\" data-shcb-language-slug=\"xml\"><span><code class=\"hljs language-xml\">How to add a monitor in Splunk?\n$ sudo .\/splunk &#91;add|edit|remove|list] &#91;monitor|exec|tcp|udp|oneshot]\nsource - file, directory, scripted input, or socket to manage\n\nHow to remove a monitor?\n$ sudo .\/splunk remove monitor \/var\/log\/jenkins\n\nHow to set hostname?\n$ sudo .\/splunk add monitor \/var\/log\/dmesg -hostname rajesh -index newindex\n$ sudo .\/splunk add monitor \/opt\/lampp\/etc -hostname rajhost -index rajesh\n\nHow to upload to a new index?\r\n$ sudo .\/splunk add monitor \/var\/log\/dmesg -hostname rajesh -index newindex\n\nHow to upload a file?\r\n$ sudo .\/splunk add oneshot \/var\/log\/applog\t\r\n$ sudo .\/splunk add oneshot C:\\Program Files\\AppLog\\log.txt\r\n$ sudo .\/splunk add forward-server <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">host<\/span>&gt;<\/span>:<span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">port<\/span>&gt;<\/span> -auth <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">username<\/span>&gt;<\/span>:<span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">password<\/span>&gt;<\/span>\n\nAlternatively, if you have many forwarders, you can use an outputs.conf file to specify the receiver. 
For example:\r\n&#91;tcpout:my_indexers]\r\nserver= splunk_indexer.acme.com:9997\n\nIn this command, <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">port<\/span>&gt;<\/span> is the network port you want the receiver to listen on.\r\n$ sudo .\/splunk enable listen <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">port<\/span>&gt;<\/span> -auth <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">username<\/span>&gt;<\/span>:<span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">password<\/span>&gt;<\/span>\r\n$ sudo .\/splunk enable listen 9997 -auth <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">username<\/span>&gt;<\/span>:<span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">password<\/span>&gt;<\/span>\n\nThis command below will also show which apps each setting is coming from.\r\n$ sudo .\/splunk cmd btool --debug inputs list\n\nPermanently remove event data from an index by typing\r\n$ splunk clean eventdata\r\n$ splunk clean eventdata -index <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">index_name<\/span>&gt;<\/span>\r\n$ splunk stop\r\n$ splunk clean eventdata \t# To permanently remove data from all indexes\r\n$ splunk stop\r\n$ splunk clean eventdata -index _internal -f # To permanently remove data from _internal\n\nRemove all data from one or all indexes\r\n$ splunk help clean\r\n\nRemove an index entirely\r\n$ splunk stop\r\n$ splunk remove index main # cannot remove idx=main, is internal\r\n$ splunk remove index <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">index_name<\/span>&gt;<\/span>\n\nDisable an index without removing it\r\n$ splunk disable index <span class=\"hljs-tag\">&lt;<span class=\"hljs-name\">index_name<\/span>&gt;<\/span>\n\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">HTML, XML<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">xml<\/span><span 
class=\"shcb-language__paren\">)<\/span><\/small><\/pre>","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-30441","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=30441"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30441\/revisions"}],"predecessor-version":[{"id":30442,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/30441\/revisions\/30442"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=30441"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=30441"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=30441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}