Difference between revisions of "Splunk"

From Ever changing code
Jump to navigation Jump to search
(Created page with "= Splunk forwarder = Setup splunk-forwarder agent on Linux <source lang=bash> ./splunk set deploy-poll splunk.acme.com:8089 ./splunk show deploy-poll ./splunk enable listen...")
 
Line 2: Line 2:
Setup splunk-forwarder agent on Linux
Setup splunk-forwarder agent on Linux
<source lang=bash>
<source lang=bash>
./splunk set  deploy-poll splunk.acme.com:8089
./splunk add  forward-server splunk.acme.com:9997 --accept-license --no-prompt -auth admin:changeme
./splunk list forward-server
./splunk set  deploy-poll   splunk.acme.com:8089
./splunk show deploy-poll
./splunk show deploy-poll
./splunk enable  listen 9997
./splunk enable  listen 9997
Line 10: Line 12:
./splunk set  default-hostname <serverName|hostname>
./splunk set  default-hostname <serverName|hostname>
./splunk show default-hostname
./splunk show default-hostname
./splunk list forward-server
./splunk enable boot-start
./splunk enable boot-start
</source>
</source>

Revision as of 08:15, 19 August 2020

Splunk forwarder

Setup splunk-forwarder agent on Linux

./splunk add  forward-server splunk.acme.com:9997 --accept-license --no-prompt -auth admin:changeme
./splunk list forward-server
./splunk set  deploy-poll    splunk.acme.com:8089
./splunk show deploy-poll
./splunk enable  listen 9997
./splunk display listen
./splunk set  servername <serverName|hostname>
./splunk show servername
./splunk set  default-hostname <serverName|hostname>
./splunk show default-hostname
./splunk enable boot-start