[Research] Values of the $SPLUNK_HOME and $SPLUNK_DB environment variables in Splunk Enterprise 8.2.6 and 9.0.1
2022-10-27
What are the values of $SPLUNK_HOME and $SPLUNK_DB?
[root@aplog local]# echo $SPLUNK_DB

[root@aplog local]# echo $SPLUNK_HOME

[root@aplog local]#
cat /opt/splunk/etc/splunk-launch.conf.default
# Version 8.2.6
# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
# SPLUNK_HOME=/opt/splunk-home
# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory. This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd
# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER
cat /opt/splunk/etc/splunk-launch.conf
# Copyright (C) 2005-2011 Splunk Inc. All Rights Reserved. Version 4.2.3
# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory this configuration
# file was found in
#
SPLUNK_HOME=/opt/splunk
# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory. This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=splunkd
# Splunkweb daemon name
SPLUNK_WEB_NAME=splunkweb
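So the index DB is actually stored at SPLUNK_DB=/opt/splunk/var/lib/splunk: the SPLUNK_DB line is commented out, so the default var/lib/splunk subdirectory under SPLUNK_HOME applies.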
********************************************************************************
Splunk Enterprise 9.0.1
cat /opt/splunk/etc/splunk-launch.conf.default
# Version 9.0.1
# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
# SPLUNK_HOME=/opt/splunk-home
# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory. This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd
# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER
cat /opt/splunk/etc/splunk-launch.conf
# Version 9.0.1
# Modify the following line to suit the location of your Splunk install.
# If unset, Splunk will use the parent of the directory containing the splunk
# CLI executable.
#
SPLUNK_HOME=/opt/splunk
# By default, Splunk stores its indexes under SPLUNK_HOME in the
# var/lib/splunk subdirectory. This can be overridden
# here:
#
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
# Splunkd daemon name
SPLUNK_SERVER_NAME=Splunkd
# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER
So here too the index DB is actually stored at SPLUNK_DB=/opt/splunk/var/lib/splunk, since SPLUNK_DB is commented out and SPLUNK_HOME=/opt/splunk.
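The same lookup as a script, as an added example that is not part of the original post: it reads a splunk-launch.conf, skips commented-out lines, and falls back to var/lib/splunk under SPLUNK_HOME when SPLUNK_DB is not set. The function names and the sample file are constructed here; the fallback for an unset SPLUNK_HOME assumes the file sits in $SPLUNK_HOME/etc.

```shell
#!/bin/sh
# Added example (not from the original post): resolve the effective
# SPLUNK_HOME and SPLUNK_DB from a splunk-launch.conf file.

# Print the value of the last uncommented KEY=value line in FILE.
# Lines such as "# SPLUNK_DB=..." start with '#', so they never match.
# $1 = path to splunk-launch.conf, $2 = key name
launch_conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# SPLUNK_HOME from the file, else the parent of the file's directory.
# Assumption: standard layout, i.e. the file is $SPLUNK_HOME/etc/splunk-launch.conf.
resolve_splunk_home() {
    home=$(launch_conf_value "$1" SPLUNK_HOME)
    if [ -z "$home" ]; then
        home=$(cd "$(dirname "$1")/.." && pwd)
    fi
    printf '%s\n' "$home"
}

# SPLUNK_DB from the file, else the documented default under SPLUNK_HOME.
resolve_splunk_db() {
    db=$(launch_conf_value "$1" SPLUNK_DB)
    if [ -z "$db" ]; then
        db="$(resolve_splunk_home "$1")/var/lib/splunk"
    fi
    printf '%s\n' "$db"
}

# Constructed sample, shortened from the 9.0.1 file shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Version 9.0.1
SPLUNK_HOME=/opt/splunk
# SPLUNK_DB=/opt/splunk-home/var/lib/splunk
SPLUNK_SERVER_NAME=Splunkd
EOF

echo "SPLUNK_HOME=$(resolve_splunk_home "$sample")"
echo "SPLUNK_DB=$(resolve_splunk_db "$sample")"
```

On a real host, pass /opt/splunk/etc/splunk-launch.conf to the two resolve functions instead of the sample file.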
(End)