{"id":6049,"date":"2019-04-05T23:30:59","date_gmt":"2019-04-05T23:30:59","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=6049"},"modified":"2021-11-16T11:40:31","modified_gmt":"2021-11-16T11:40:31","slug":"splunk-frequently-asked-questions","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/splunk-frequently-asked-questions\/","title":{"rendered":"Splunk frequently asked questions!!!"},"content":{"rendered":"\n<p><strong>Question &#8211; How often does the forwarder send data to the indexer?<\/strong><br><strong>Answer &#8211; <\/strong>The forwarder sends data as soon as it becomes available; there is no fixed interval that it waits. However, since it can send in blocks and set the source type, it must be waiting at least for an end of line, or for a file to remain unchanged over some time interval, for example sending changes once the file has not been updated for 1 second.<\/p>\n\n\n\n<p><strong>Question &#8211; How do I reset the Splunk admin password?<\/strong> <br> <strong>Answer &#8211;<\/strong> If you forgot your admin password, you will need access to the file system that Splunk is running on in order to modify the password file. To reset the admin password:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li> Move the $SPLUNK_HOME\/etc\/passwd file to $SPLUNK_HOME\/etc\/passwd.bak <\/li><li> Restart Splunk. 
After the restart you should be able to log in using the default login (admin\/changeme).<\/li><li>If you created other user accounts, copy those entries from the backup file into the new passwd file and restart Splunk.<\/li><\/ul>\n\n\n\n<p><strong>Alternate Method<\/strong><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">$ .\/bin\/splunk stop\n\n$ vi etc\/passwd\n# Set the admin entry to this line (a single line, no wrapping):\n:admin:$6$UDQnslwGLUi\/WwhL$\/Sf44s..6.V\/dlaFLcQmZzJ5A1WG.7aayvTaTsw\/ji0gonm00N5hGqvAfwDlq8DAqHUyb68OKsqMOQ.x05Hbm0::Administrator:admin:changeme@example.com:::18423\n\n$ .\/bin\/splunk start\n\n$ .\/bin\/splunk login\n\n# Validate using admin\/admin123<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Question &#8211; How often does the forwarder send data to indexer?Answer &#8211; The forwarder sends data immediately when it becomes available. There is no certain interval that it waits or&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5207],"tags":[991],"class_list":["post-6049","post","type-post","status-publish","format-standard","hentry","category-splunk","tag-splunk"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=6049"}],"version-history":[{"count":4,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6049\/revisions"}],"predecessor-version":[{"id":25518,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/6049\/revisions\/25518"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=6049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=6049"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=6049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\
/{rel}","templated":true}]}}