List of monitors:

$ splunk list monitor
Monitored Directories:
 $SPLUNK_HOME/var/log/introspection
     /Applications/Splunk/var/log/introspection/disk_objects.log
     /Applications/Splunk/var/log/introspection/http_event_collector_metrics.log
     /Applications/Splunk/var/log/introspection/kvstore.log
     /Applications/Splunk/var/log/introspection/resource_usage.log
 $SPLUNK_HOME/var/log/splunk
     /Applications/Splunk/var/log/splunk/audit.log
     /Applications/Splunk/var/log/splunk/btool.log
     /Applications/Splunk/var/log/splunk/conf.log
     /Applications/Splunk/var/log/splunk/dfm_stderr.log
     /Applications/Splunk/var/log/splunk/dfm_stdout.log
     /Applications/Splunk/var/log/splunk/export_metrics.log
     /Applications/Splunk/var/log/splunk/first_install.log
     /Applications/Splunk/var/log/splunk/health.log
     /Applications/Splunk/var/log/splunk/license_usage.log
     /Applications/Splunk/var/log/splunk/metrics.log
     /Applications/Splunk/var/log/splunk/mongod.log
     /Applications/Splunk/var/log/splunk/remote_searches.log
     /Applications/Splunk/var/log/splunk/scheduler.log
     /Applications/Splunk/var/log/splunk/search_messages.log
     /Applications/Splunk/var/log/splunk/searchhistory.log
     /Applications/Splunk/var/log/splunk/splunk_instrumentation.log
     /Applications/Splunk/var/log/splunk/splunkd-utility.log
     /Applications/Splunk/var/log/splunk/splunkd.log
     /Applications/Splunk/var/log/splunk/splunkd_access.log
     /Applications/Splunk/var/log/splunk/splunkd_stderr.log
     /Applications/Splunk/var/log/splunk/splunkd_stdout.log
     /Applications/Splunk/var/log/splunk/splunkd_ui_access.log
     /Applications/Splunk/var/log/splunk/web_access.log
     /Applications/Splunk/var/log/splunk/web_service.log
     /Applications/Splunk/var/log/splunk/wlm_monitor.log
 $SPLUNK_HOME/var/log/splunk/license_usage_summary.log
     /Applications/Splunk/var/log/splunk/license_usage_summary.log
 $SPLUNK_HOME/var/log/splunk/splunk_instrumentation_cloud.log
     /Applications/Splunk/var/log/splunk/splunk_instrumentation_cloud.log
 $SPLUNK_HOME/var/log/watchdog/watchdog.log
     /Applications/Splunk/var/log/watchdog/watchdog.log
 $SPLUNK_HOME/var/run/splunk/search_telemetry/*search_telemetry.json
 $SPLUNK_HOME/var/spool/splunk/...stash_new
Monitored Files:
 $SPLUNK_HOME/etc/splunk.version

btool command:

Usage:

Official documentation

$ splunk btool <prefixe-fichier-de-config> list [--debug]

prefixe-fichier-de-config: the name of the config file without ".conf" (inputs, indexes, ...).
The "--debug" option displays the file that provides each setting, which is very useful for understanding precedence during an analysis.

List the inputs

$ splunk btool inputs list
---SNiP---
t_key:linebreaker:parsingQueue
[tcp]
rcvbuf = 1572864
acceptFrom = *
connection_host = dns
host = $decideOnStartup
index = default
[udp]
_rcvbuf = 1572864
connection_host = ip
host = $decideOnStartup
index = default

For a specific input, here tcp:

$ splunk btool inputs list tcp
[tcp]
_rcvbuf = 1572864
acceptFrom = *
connection_host = dns
host = $decideOnStartup
index = default

Debug to see which file provides the configuration:

$ splunk btool inputs list tcp --debug
/Applications/Splunk/etc/system/default/inputs.conf [tcp]
/Applications/Splunk/etc/system/default/inputs.conf _rcvbuf = 1572864
/Applications/Splunk/etc/system/default/inputs.conf acceptFrom = *
/Applications/Splunk/etc/system/default/inputs.conf connection_host = dns
/Applications/Splunk/etc/system/default/inputs.conf host = $decideOnStartup
/Applications/Splunk/etc/system/default/inputs.conf index = default
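The --debug output above has a fixed shape (source file, then either a [stanza] or a key = value), which makes it easy to audit where a merged setting comes from. The following added example (not part of the original notes) parses that output and flags every setting that is not provided by etc/system/default, i.e. overrides coming from an app's local or default directory; the sample lines, including the lab-inputs app path, are constructed for the example.

```python
import re

# Constructed sample of `splunk btool inputs list tcp --debug` output: the
# [tcp] stanza comes from system/default, but a hypothetical app
# "lab-inputs" overrides acceptFrom from its local/inputs.conf.
SAMPLE = """\
/Applications/Splunk/etc/system/default/inputs.conf [tcp]
/Applications/Splunk/etc/system/default/inputs.conf _rcvbuf = 1572864
/Applications/Splunk/etc/apps/lab-inputs/local/inputs.conf acceptFrom = *
/Applications/Splunk/etc/system/default/inputs.conf connection_host = dns
/Applications/Splunk/etc/system/default/inputs.conf host = $decideOnStartup
/Applications/Splunk/etc/system/default/inputs.conf index = default
"""

# Assumes the source path contains no spaces (true for a default
# /Applications/Splunk or /opt/splunk install).
LINE_RE = re.compile(r"^(?P<src>\S+)\s+(?P<rest>.*)$")


def parse_btool_debug(text):
    """Return {stanza: {key: (value, source_file)}} from btool --debug output."""
    result = {}
    stanza = None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, rest = m.group("src"), m.group("rest")
        if rest.startswith("[") and rest.endswith("]"):
            stanza = rest[1:-1]
            result.setdefault(stanza, {})
        elif "=" in rest and stanza is not None:
            # Split on the first "=" only: values may themselves contain "=".
            key, value = (p.strip() for p in rest.split("=", 1))
            result[stanza][key] = (value, src)
    return result


def non_default_settings(conf):
    """List (stanza, key, value, source) for settings not from etc/system/default."""
    return [
        (stanza, key, value, src)
        for stanza, keys in conf.items()
        for key, (value, src) in keys.items()
        if "/etc/system/default/" not in src
    ]


if __name__ == "__main__":
    for stanza, key, value, src in non_default_settings(parse_btool_debug(SAMPLE)):
        print(f"[{stanza}] {key} = {value}  <- {src}")
```

Feed it real output with `splunk btool inputs list --debug | python3 audit.py` (adapting the script to read stdin) to get a quick list of which apps are changing inputs on an instance.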

App-specific information

Here we created an app lab-all-indexes that provides an index.

$ splunk btool indexes list --app=lab-all-indexes
[lab_test]
coldPath = $SPLUNK_DB/$index_name/colddb
homePath = $SPLUNK_DB/$index_name/db
thawedPath = $SPLUNK_DB/$_index_name/thaweddb

A --user= filter can also be added, but --app= is then mandatory.

Config check (typos)

$ splunk btool check

Search from the CLI:

$ splunk search '|tstats count where index=* by index'
 index   count
-------- ------
lab_test 109864