Splunk Cheat Sheet

List active stanzas on Linux forwarder

/opt/splunkforwarder/bin/splunk cmd btool inputs list

List active stanzas and show locations on Linux forwarder

/opt/splunkforwarder/bin/splunk cmd btool inputs list --debug
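
To check what a forwarder is actually collecting, the `--debug` listing can be reduced to one line per monitored file. The function below is an added example, not part of the original cheat sheet. It assumes each `--debug` line has the form "conf file path, whitespace, stanza header or key = value" and that conf paths contain no spaces. The sample input is constructed, and `summarize_monitors` and `sample_btool_output` are hypothetical names.

```shell
# Usage on a forwarder:
#   /opt/splunkforwarder/bin/splunk cmd btool inputs list --debug | summarize_monitors
# Prints: monitored path, index, sourcetype, conf file defining the stanza (tab separated).
summarize_monitors() {
  awk '
    function emit() {
      if (path != "") printf "%s\t%s\t%s\t%s\n", path, idx, st, src
    }
    {
      conf = $1                          # first column: file that supplied this line
      line = $0
      sub(/^[^ \t]+[ \t]+/, "", line)    # remainder: stanza header or setting
    }
    line ~ /^\[/ {
      emit(); path = ""
      if (line ~ /^\[monitor:\/\//) {    # only file monitor stanzas are reported
        path = line
        sub(/^\[monitor:\/\//, "", path)
        sub(/\]$/, "", path)
        src = conf; idx = "(unset)"; st = "(unset)"
      }
      next
    }
    path != "" && line ~ /^index[ \t]*=/      { sub(/^[^=]*=[ \t]*/, "", line); idx = line }
    path != "" && line ~ /^sourcetype[ \t]*=/ { sub(/^[^=]*=[ \t]*/, "", line); st = line }
    END { emit() }
  '
}

# Constructed sample of --debug output (not captured from a real host).
sample_btool_output() {
  cat <<'EOF'
/opt/splunkforwarder/etc/system/default/inputs.conf [default]
/opt/splunkforwarder/etc/system/default/inputs.conf index = default
/opt/splunkforwarder/etc/apps/search/local/inputs.conf [monitor:///var/log/apache2/zds_access.log]
/opt/splunkforwarder/etc/system/default/inputs.conf _rcvbuf = 1572864
/opt/splunkforwarder/etc/apps/search/local/inputs.conf index = default
/opt/splunkforwarder/etc/apps/search/local/inputs.conf sourcetype = access_log
/opt/splunkforwarder/etc/apps/demo/local/inputs.conf [monitor:///var/log/auth.log]
/opt/splunkforwarder/etc/system/default/inputs.conf index = default
/opt/splunkforwarder/etc/apps/demo/local/inputs.conf disabled = false
EOF
}

sample_btool_output | summarize_monitors
```

A monitor that shows `(unset)` for sourcetype has no sourcetype set in its stanza, which is worth reviewing before relying on sourcetype-based searches.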

Add a new log to the stanzas on a Linux forwarder (in this example we add the Apache access log)

/opt/splunkforwarder/bin/splunk add monitor /var/log/apache2/zds_access.log -index default -sourcetype access_log

Remove a log from the stanzas on a Linux forwarder (in this example we remove the Apache access log)

/opt/splunkforwarder/bin/splunk remove monitor /var/log/apache2/zds_access.log

View all sourcetypes by typing the following into the search field on the Splunk console

| metadata type=sourcetypes index=* OR index=_*
