Thursday, August 8, 2013

Splunk CLI one-liners

1. list monitored files/directories:

/opt/splunk/bin/splunk list monitor

2. remove a file/directory from monitoring/indexing:

/opt/splunk/bin/splunk remove monitor /path/to/file/or/dir

3. add a file for monitoring:

/opt/splunk/bin/splunk add monitor /var/log/httpd/access_log

4. add a oneshot file for indexing (the file is indexed once and not monitored afterwards):

/opt/splunk/bin/splunk add oneshot /var/log/httpd/access_log

5. remove a oneshot file/directory from monitoring/indexing:

/opt/splunk/bin/splunk remove oneshot /path/to/file/or/dir

6. list forward servers (Splunk servers this host forwards to):

/opt/splunk/bin/splunk list forward-server
