Splunk Command Line Reference

How to add monitor in Splunk?
$ sudo ./splunk [add|edit|remove|list] [monitor|exex|tcp|udp|oneshot]
source - file, directory, scripted input, or socket to manage

How to remove monitor?
$ sudo ./splunk remove monitor /var/log/jenkins

How to set hostname?
$ sudo ./splunk add monitor /var/log/dmesg -hostname rajesh -index newindex
$ sudo ./splunk add monitor /opt/lampp/etc -hostname rajhost -index rajesh

How to upload to new index?
$ sudo ./splunk add monitor /var/log/dmesg -hostname rajesh -index newindex

How to upload a file?
$ sudo ./splunk add oneshot /var/log/applog	
$ sudo ./splunk add oneshot C:\Program Files\AppLog\log.txt
$ sudo ./splunk add forward-server <host>:<port> -auth <username>:<password>

Alternatively, if you have many forwarders, you can use an outputs.conf file to specify the receiver. For example:
[tcpout:my_indexers]
server= splunk_indexer.acme.com:9997

This command, <port> is the network port you want the receiver to listen on.
$ sudo ./splunk enable listen <port> -auth <username>:<password>
$ sudo ./splunk enable listen 9997 -auth <username>:<password>

This command below will also show which apps each setting is coming from.
$ sudo ./splunk cmd btool --debug inputs list

Permanently remove event data from an index by typing
$ splunk clean eventdata
$ splunk clean eventdata -index <index_name>
$ splunk stop
$ splunk clean eventdata 	# To permanently remove data from all indexes
$ splunk stop
$ splunk clean eventdata -index _internal -f # To permanently remove data from _internal

Remove all data from one or all indexes
$ splunk help clean

Remove an index entirely
$ splunk stop
$ splunk remove index main # cannot remove idx=main, is internal
$ splunk remove index <index_name>

Disable an index without removing it
$ splunk disable index <index_name>

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I am working at Cotocus. I blog tech insights at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at I reviewed , and SEO strategies at Wizbrand.

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at PINTEREST
Rajesh Kumar at QUORA
Rajesh Kumar at WIZBRAND

Certification Courses

DevOpsSchool has introduced a series of professional certification courses designed to enhance your skills and expertise in cutting-edge technologies and methodologies. Whether you are aiming to excel in development, security, or operations, these certifications provide a comprehensive learning experience. Explore the following programs:

DevOps Certification - Learn the fundamentals and advanced concepts of DevOps practices and tools.

DevSecOps Certification - Master the integration of security within the DevOps workflow.

SRE Certification - Gain expertise in Site Reliability Engineering and ensure reliability at scale.

MLOps Certification - Dive into Machine Learning Operations and streamline ML workflows.

AiOps Certification - Discover AI-driven operations management for next-gen IT environments.

Upgrade & Secure Your Future with DevOps, SRE, DevSecOps, MLOps!

Splunk Command Line Reference

Certification Courses

Need Assistance!!!

Feel Free To Contact Us

+1 (469) 756-6329

(US Call-WhatsApp)

+91 7004 215 841

(India Call-WhatsApp)

Email us

Contact@DevOpsSchool.com