
Common Splunk CLI commands

散漫的老何
2020-01-07, last updated 2021-07-09
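| Command | Description |
| --- | --- |
| `./splunk start` | Start the service |
| `./splunk stop` | Stop the service |
| `./splunk restart` | Restart the service |
| `./splunk version` | Show version information |
| `./splunk show splunkd-port` | Show the splunkd management port |
| `./splunk list splunkd-port` | Show the splunkd management port |
| `./splunk show web-port` | Show the Splunk Web port |
| `./splunk list web-port` | Show the Splunk Web port |
| `./splunk set web-port 80` | Change the Splunk Web port to 80 |
| `./splunk show servername` | Show the Splunk server name |
| `./splunk set servername Mysplunk` | Change the Splunk server name to Mysplunk. In the web UI: Settings > Server settings > General settings > Splunk instance name |
| `./splunk set default-hostname Mysplunk` | Change the default host name to Mysplunk. In the web UI: Settings > Server settings > General settings > Default host name |
| `./splunk show default-hostname` | Show the default host name |
| `./splunk enable web-ssl` | Enable SSL for web UI login |
| `./splunk disable web-ssl` | Disable SSL for web UI login |
| `./splunk enable boot-start` | Start Splunk at boot |

Indexes

| Command | Description |
| --- | --- |
| `./splunk list index` | List indexes |
| `./splunk add index index_name` | Create an index |
| `./splunk remove index index_name` | Delete an index |
| `./splunk disable index nginx_logs` | Disable an index |
| `./splunk enable index nginx_logs` | Enable an index |
| `./splunk reload index nginx_logs` | Reload an index |
| `./splunk show index wineventlog` | Show where the index data is stored |

Data forwarding and receiving

| Command | Description |
| --- | --- |
| `./splunk display listen` | Display all Splunk data receiving ports |
| `./splunk enable listen 9997` | Enable Splunk data receiving on port 9997. In the web UI: Settings > Forwarding and receiving > Configure receiving > New receiving port |
| `./splunk disable listen 9997` | Disable Splunk data receiving on port 9997. In the web UI: Settings > Forwarding and receiving > Configure receiving > Delete |

forwarder

| Command | Description |
| --- | --- |
| `./splunk add forward-server 192.168.10.12:9997` | Add a target server for Splunk data forwarding |
| `./splunk remove forward-server 192.168.10.12:9997` | Remove a target server for Splunk data forwarding |
| `./splunk list forward-server` | Show the forwarder's list of target servers |
| `./splunk set deploy-poll 192.168.10.9:8089` | Add a deployment server for the forwarder |

monitor

| Command | Description |
| --- | --- |
| `./splunk add monitor /var/log/audit -index index_name` | Add a monitored input |
| `./splunk remove monitor /var/log/audit` | Remove a monitored input |
| `./splunk list monitor` | Show monitored inputs |

User

| Command | Description |
| --- | --- |
| `./splunk add user administrator -password '12345678' -full-name 'administrator' -role 'user'` | Create a user and set its password and role. `-password`: password; `-full-name`: the user's full name; `-role`: role |
| `./splunk edit user admin -password '1234qwer' -role 'admin' -auth admin:12345678` | Change a user's password and re-assign the role. `-password`: password; `-role`: role; `-auth`: verifies the original password |
| `./splunk remove user` | Delete a user |
| `./splunk list user` | Show the user list |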
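
The forwarder and monitor rows above are the steps of one onboarding procedure. The following is an added example, not code from the original post: a POSIX shell wrapper that validates its arguments and then issues those commands in order, ending with the two `list` commands as a check. `SPLUNK_BIN`, `DRY_RUN` and the function names are assumptions of this example; the addresses, path and index name are the sample values from the table.

```shell
#!/bin/sh
# Added example (not from the original post): onboard a forwarder with the
# commands from the table. SPLUNK_BIN, DRY_RUN and all function names are
# assumptions of this example.
SPLUNK_BIN="${SPLUNK_BIN:-./splunk}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them

# Accept only host:port with a plain hostname/IPv4 and a port in 1-65535.
valid_endpoint() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    host=${1%:*}
    port=${1##*:}
    case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Run (or, in dry-run mode, print) one splunk CLI command.
run_splunk() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$SPLUNK_BIN $*"
    else
        "$SPLUNK_BIN" "$@"
    fi
}

# onboard_forwarder INDEXER:PORT DEPLOY_SERVER:PORT LOG_PATH INDEX
# Stops at the first failing command; the two list calls verify the result.
onboard_forwarder() {
    indexer=$1; deploy=$2; logpath=$3; index=$4
    valid_endpoint "$indexer" || { echo "bad indexer: $indexer" >&2; return 2; }
    valid_endpoint "$deploy" || { echo "bad deployment server: $deploy" >&2; return 2; }
    case "$logpath" in /*) ;; *) echo "path must be absolute" >&2; return 2 ;; esac
    case "$index" in ''|*[!A-Za-z0-9_-]*) echo "bad index name" >&2; return 2 ;; esac
    run_splunk add forward-server "$indexer" &&
    run_splunk set deploy-poll "$deploy" &&
    run_splunk add monitor "$logpath" -index "$index" &&
    run_splunk list forward-server &&
    run_splunk list monitor
}

# Usage (sample values from the table):
# onboard_forwarder 192.168.10.12:9997 192.168.10.9:8089 /var/log/audit index_name
```

Set `DRY_RUN=0` to execute the commands instead of printing them.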

Syntax:

show [object][<value>]

list excess-buckets [index-name]
list shcluster-config
list shcluster-members
list shcluster-captain-info
list shcluster-artifacts
list shcluster-scheduler-jobs
list shcluster-member-info
list shcluster-configuration-set
list shcluster-member-artifacts
list monitor [-parameter <value>] ...
list monitor [-parameter <value>] ...
list indexer-discovery
list user
list role
list [licenser-groups|licenser-localslave|licenser-messages|licenser-pools|licenser-slaves|licenser-stacks|licenses]
list licenser-groups
list licenser-messages

Objects:

list exec                		list scripted inputs
list cluster-master      		Display a list of instances this searchhead can search across
list excess-buckets      		List excess buckets in the cluster.
list shcluster-config    		List current SEARCH HEAD CLUSTER configuration
list shcluster-members   		List SEARCH HEAD CLUSTER members information
list shcluster-captain-info		List SEARCH HEAD CLUSTER Captain information
list shcluster-artifacts 		List SEARCH HEAD CLUSTER artifacts information
list shcluster-scheduler-jobs		List search head cluster scheduler job information
list shcluster-member-info		List SEARCH HEAD CLUSTER MEMBER or Peer information
list shcluster-configuration-set	List SEARCH HEAD CLUSTER NODE SET (All nodes part of the configuration) 
list shcluster-member-artifacts		List SEARCH HEAD CLUSTER MEMBER artifact information
list inputstatus         		Lists the status of the different splunk inputs.
list monitor             		list all active monitored directory and file inputs. Note: This displays files and directories currently or recently monitored by splunkd for change.
list tcp                 		list all active TCP (network) inputs
list udp                 		list all active UDP (network) inputs
list indexer-discovery   		List current indexer discovery configuration
list forward-server      		list servers that this server forwards data to
list user                		list all users known to Splunk
list role                		list all roles known to Splunk
list ad                  		Display all Active Directory monitoring settings
list registry            		Display Registry input settings
list wmi                 		Display all WMI Collections
list eventlog            		Display all EventLog Collections
list monitornohandle     		Display the file tail
list winnetmon           		Windows network monitor inputs
list perfmon             		Display all performance monitoring collections
list winhostmon          		Display all Host monitoring collections
list winprintmon         		Display all Print monitoring collections
list licenser-groups     		lists attributes of available licenser groups
list licenser-messages   		lists the alerts or 

Examples:

./splunk list master
./splunk list excess-buckets
./splunk list excess-buckets main
./splunk list shcluster-config
./splunk list shcluster-members
./splunk list shcluster-captain-info
./splunk list shcluster-artifacts
./splunk list shcluster-scheduler-jobs
./splunk list shcluster-member-info
./splunk list shcluster-configuration-set
./splunk list shcluster-member-artifacts
./splunk list inputstatus
./splunk list monitor
./splunk list indexer-discovery
./splunk list ad
./splunk list registry
./splunk list wmi
./splunk list eventlog
./splunk list monitornohandle
./splunk list winnetmon
./splunk list perfmon
./splunk list winhostmon
./splunk list winprintmon
./splunk list licenser-stacks
./splunk list licenser-groups
./splunk list licenser-messages