Splunk CLI command
Splunk CLI command Examples List
| 命令 |
说明 |
| ./splunk start |
启动服务 |
| ./splunk stop |
关闭服务 |
| ./splunk restart |
重启服务 |
| ./splunk version |
查看版本信息 |
| ./splunk show splunkd-port |
查看splunk端口 |
| ./splunk show splunkd-port |
查看Splunkd管理端口 |
| ./splunk list splunkd-port |
查看Splunkd管理端口 |
| ./splunk show web-port |
查看Splunk web端口 |
| ./splunk list web-port |
查看Splunk web端口 |
| ./splunk set web-port 80 |
修改Splunk web端口为80 |
| ./splunk show servername |
查看splunk服务名 |
| ./splunk set servername Mysplunk |
修改Splunk服务名为Mysplunk。web页面修改:设置>服务器设置>常规设置>Splunk实例名 |
| ./splunk set default-hostname Mysplunk |
修改默认主机名为Mysplunk。web页面修改:设置>服务器设置>常规设置>默认主机名 |
| ./splunk show default-hostname |
查看默认主机名 |
| ./splunk enable web-ssl |
启用web页面SSL登录 |
| ./splunk disable web-ssl |
关闭web页面SSL登录 |
| ./splunk enable boot-start |
设置splunk开机启动 |
| 索引 |
|
| ./splunk list index |
列出索引 |
| ./splunk add index index_name |
创建索引 |
| ./splunk remove index index_name |
删除索引 |
| ./splunk disable index nginx_logs |
禁用索引 |
| ./splunk enable index nginx_logs |
启用索引 |
| ./splunk reload index nginx_logs |
重新加载索引 |
| ./splunk show index wineventlog |
查看数据存放路径 |
| 数据转发和接收 |
|
| ./splunk display listen |
显示全部splunk数据接收端口 |
| ./splunk enable listen 9997 |
启用splunk 9997数据接收端口。web页面修改:设置>转发和接收>配置接收>新接收端口 |
| ./splunk disable listen 9997 |
禁用splunk 9997数据接收端口。web页面修改:设置>转发和接收>配置接收>删除 |
| forwarder |
|
| ./splunk add forward-server 192.168.10.12:9997 |
添加splunk数据转发目标服务器 |
| ./splunk remove forward-server 192.168.10.12:9997 |
删除splunk数据转发目标服务器 |
| ./splunk list forward-server |
显示Splunk转发器目标服务器列表 |
| ./splunk set deploy-poll 192.168.10.9:8089 |
给forwarder添加deploy(部署)服务器 |
| monitor |
|
| ./splunk add monitor /var/log/audit -index index_name |
添加监控项 |
| ./splunk remove monitor /var/log/audit |
删除监控项 |
| ./splunk list monitor |
显示监控项 |
| User |
|
| ./splunk add user administrator -password ‘12345678’ -full-name ‘administrator’ -role ‘user’ |
创建用户并设置密码和角色,password:密码参数、-full-name:用户全称参数、-role:角色参数 |
| ./splunk edit user admin -password ‘1234qwer’ -role ‘admin’ -auth admin:12345678 |
修改用户密码并重新添加角色,password:密码参数、-role:角色参数、-auth:验证原密码 |
| ./splunk remove user |
删除用户 |
| ./splunk list user |
显示用户列表 |
Splunk CLI command Syntax
show [object][]
list excess-buckets [index-name]
list shcluster-config
list shcluster-members
list shcluster-captain-info
list shcluster-artifacts
list shcluster-scheduler-jobs
list shcluster-member-info
list shcluster-configuration-set
list shcluster-member-artifacts
list monitor [-parameter <value>] ...
list monitor [-parameter <value>] ...
list indexer-discovery
list user
list role
list [licenser-groups|licenser-localslave|licenser-messages|licenser-pools|licenser-slaves|licenser-stacks|licenses]
list licenser-groups
list licenser-messages
Objects
list exec list scripted inputs
list cluster-master Display a list of instances this searchhead can search across
list excess-buckets List excess buckets in the cluster.
list shcluster-config List current SEARCH HEAD CLUSTER configuration
list shcluster-members List SEARCH HEAD CLUSTER members information
list shcluster-captain-info List SEARCH HEAD CLUSTER Captain information
list shcluster-artifacts List SEARCH HEAD CLUSTER artifacts information
list shcluster-scheduler-jobs List search head cluster scheduler job information
list shcluster-member-info List SEARCH HEAD CLUSTER MEMBER or Peer information
list shcluster-configuration-set List SEARCH HEAD CLUSTER NODE SET (All nodes part of the configuration)
list shcluster-member-artifacts List SEARCH HEAD CLUSTER MEMBER artifact information
list inputstatus Lists the status of the different splunk inputs.
list monitor list all active monitored directory and file inputs. Note: This displays files and directories currently or recently monitored by splunkd for change.
list tcp list all active TCP (network) inputs
list udp list all active UDP (network) inputs
list indexer-discovery List current indexer discovery configuration
list forward-server list servers that this server forwards data to
list user list all users known to Splunk
list role list all roles known to Splunk
list ad Display all Active Directory monitoring settings
list registry Display Registry input settings
list wmi Display all WMI Collections
list eventlog Display all EventLog Collections
list monitornohandle Display the file tail
list winnetmon Windows network monitor inputs
list perfmon Display all performance monitoring collections
list winhostmon Display all Host monitoring collections
list winprintmon Display all Print monitoring collections
list licenser-groups lists attributes of available licenser groups
list licenser-messages lists the alerts or
Examples
./splunk list master
./splunk list excess-buckets
./splunk list excess-buckets main
./splunk list shcluster-config
./splunk list shcluster-members
./splunk list shcluster-captain-info
./splunk list shcluster-artifacts
./splunk list shcluster-scheduler-jobs
./splunk list shcluster-member-info
./splunk list shcluster-configuration-set
./splunk list shcluster-member-artifacts
./splunk list inputstatus
./splunk list monitor
./splunk list indexer-discovery
./splunk list ad
./splunk list registry
./splunk list wmi
./splunk list eventlog
./splunk list monitornohandle
./splunk list winnetmon
./splunk list perfmon
./splunk list winhostmon
./splunk list winprintmon
./splunk list licenser-stacks
./splunk list licenser-groups
./splunk list licenser-messagesype
-d2979772834f4346a961b123d2a49447.jpg)
评论区