Thursday, October 27, 2022

[Research] $SPLUNK_HOME and $SPLUNK_DB environment variable values in Splunk Enterprise 8.2.6 and 9.0.1

2022-10-27

What are the values of $SPLUNK_HOME and $SPLUNK_DB? Neither is set in the shell environment:

[root@aplog local]# echo $SPLUNK_DB

[root@aplog local]# echo $SPLUNK_HOME

[root@aplog local]#


cat /opt/splunk/etc/splunk-launch.conf.default

#   Version 8.2.6

# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
# SPLUNK_HOME=/opt/splunk-home

# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory.  This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd

# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER

cat /opt/splunk/etc/splunk-launch.conf

# Copyright (C) 2005-2011 Splunk Inc. All Rights Reserved.  Version 4.2.3

# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory this configuration
# file was found in
#
SPLUNK_HOME=/opt/splunk

# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory.  This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk/var/lib/splunk

# Splunkd daemon name
SPLUNK_SERVER_NAME=splunkd

# Splunkweb daemon name
SPLUNK_WEB_NAME=splunkweb


SPLUNK_DB is commented out in splunk-launch.conf, so the index DB is actually stored at the default location, SPLUNK_DB=/opt/splunk/var/lib/splunk

********************************************************************************

Splunk Enterprise 9.0.1

cat /opt/splunk/etc/splunk-launch.conf.default

#   Version 9.0.1

# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
# SPLUNK_HOME=/opt/splunk-home

# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory.  This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd

# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER


cat /opt/splunk/etc/splunk-launch.conf

#   Version 9.0.1

# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
SPLUNK_HOME=/opt/splunk

# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory.  This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd

# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER

SPLUNK_DB is commented out here as well, so the index DB is actually stored at the default location, SPLUNK_DB=/opt/splunk/var/lib/splunk
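
The resolution both conclusions above rely on (8.2.6 and 9.0.1), as an added example that is not part of the original post and not Splunk's own code: read splunk-launch.conf, ignore commented-out settings, and fall back to $SPLUNK_HOME/var/lib/splunk when SPLUNK_DB is not set. The function names, the fallback-home argument and the sample file are assumptions; only the file is consulted, not the process environment.

```shell
#!/bin/sh
# Added example (not from the original post): resolve the effective
# SPLUNK_HOME and SPLUNK_DB from a splunk-launch.conf file.

# launch_conf_value FILE KEY  (hypothetical helper)
# Prints the value of the last uncommented KEY=value line, or nothing.
# "Last assignment wins" is an assumption of this sketch.
launch_conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }    # commented-out settings do not count
        {
            k = $1
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key && index($0, "=")) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                val = v
            }
        }
        END { if (val != "") print val }
    ' "$1"
}

# resolve_splunk_home FILE FALLBACK_HOME
# FALLBACK_HOME stands in for the directory Splunk derives when SPLUNK_HOME is unset.
resolve_splunk_home() {
    _home=$(launch_conf_value "$1" SPLUNK_HOME)
    printf '%s\n' "${_home:-$2}"
}

# resolve_splunk_db FILE FALLBACK_HOME
# An explicit SPLUNK_DB wins; otherwise the default under SPLUNK_HOME applies.
resolve_splunk_db() {
    _db=$(launch_conf_value "$1" SPLUNK_DB)
    if [ -n "$_db" ]; then
        printf '%s\n' "$_db"
    else
        printf '%s/var/lib/splunk\n' "$(resolve_splunk_home "$1" "$2")"
    fi
}

# Constructed sample mirroring the active settings of the 9.0.1 file shown above.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
SPLUNK_HOME=/opt/splunk
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
SPLUNK_SERVER_NAME=Splunkd
EOF
echo "SPLUNK_HOME=$(resolve_splunk_home "$SAMPLE_CONF" /usr/local/splunk)"
echo "SPLUNK_DB=$(resolve_splunk_db "$SAMPLE_CONF" /usr/local/splunk)"
```

On a real host, pass /opt/splunk/etc/splunk-launch.conf as the first argument instead of the sample file.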

(End)
