CLI Admin Commands
"reload index" - reloads index configuration, making immediately effective all "add/edit/enable/disable index" commands since last reload or Splunk restart
# /opt/splunk/bin/splunk reload index
# Index config reloaded.
Or
# /opt/splunk/bin/splunk reload index -name {index_name}
App Requirements
"You can also install the Splunk App for Windows on a non-Windows Splunk instance to display Windows data coming from external sources, such as universal forwarders that run the Splunk Technology Add-on (TA) for Windows."
http://docs.splunk.com/Documentation/Splunk/5.0.2/ReleaseNotes/KnownIssues
"Metadata results from this peer are incomplete: the peer has over 100000 entries" message in the summary dashboard in large environment (SPL-58112). To work around this issue, increase the value of [metadata] maxcount=500000 in limits.conf.
Whenever a group shows up as a number, it means that it has not been assigned, and is therefore invalid.
When Splunk was installed, it created the splunk group using the next available group number - in this case 1001.
It is not a bug or error; it is how Linux works.
You should really be assigning mumble to a group which exists (look in /etc/group).
Are you sure the application management agent cannot accept the fact that the app goes into daemon mode on its own, and simply issue the 'restart' option if the process dies?
You're really not explaining why you want to run it in the foreground. What is the actual problem you are attempting to solve, that you think having splunkd in the foreground would help?
Rsyslog replaced syslog in CentOS 6.
Odds are, it is configured to use RSYSLOG_TraditionalFileFormat.
http://www.rsyslog.com/doc/rsyslog_conf_templates.html
Splunk attempts to determine the URL - but it doesn't enforce it anywhere. It is simply listening on port 8000 on your server.
You should be able to access it at http://your.public.address:8000