[Research] Process status of running Splunk Enterprise 8.2.6 and 9.0.1
2022-10-25
Splunk Enterprise 8.2.6 (CentOS 6.10) process status
[root@localhost ~]# ps aux | grep splunk
root 1035 0.3 1.1 177776 48224 ? S 10:11 0:01 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/splunk_secure_gateway/bin/ssg_enable_modular_input.py
root 2171 0.0 0.0 103336 872 pts/2 S+ 10:18 0:00 grep splunk
root 2337 6.9 11.7 1260908 476852 ? Sl Oct21 383:49 splunkd -p 8089 start
root 2342 0.0 0.1 111964 4972 ? Ss Oct21 4:48 [splunkd pid=2337] splunkd -p 8089 start [process-runner]
root 2804 0.0 0.4 2744784 18976 ? Sl Oct21 4:46 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
root 2809 0.0 0.2 220168 9068 ? Sl Oct21 0:38 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/Splunk_TA_tomcat/bin/tomcat.py
root 2832 0.3 1.0 210316 40656 ? Sl Oct21 16:49 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
root 2875 0.2 1.0 162704 41204 ? S Oct21 11:47 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_mscs_azure_audit.py persistent
root 2883 0.2 1.0 162512 40868 ? S Oct21 11:55 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_mscs_azure_resource.py persistent
root 2903 0.1 0.4 387016 19412 ? Sl Oct21 5:59 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/website_monitoring/bin/web_ping.py
root 3304 0.2 2.5 346972 103952 ? Sl Oct21 11:33 [splunkd pid=2337] search --id=rt_scheduler__admin__search__RMD55bcb4fa0f0d80196_at_1666334535_0 --maxbuckets=0 --ttl=120 --maxout=500000 --maxtime=0 --lookups=1 --reduce_freq=10 --user=admin --pro --roles=admin:can_delete:power:user
root 3305 0.0 0.0 111964 1616 ? Ss Oct21 0:00 [splunkd pid=2337] [search-launcher] [process-runner]
root 3332 0.2 3.1 349084 127472 ? Sl Oct21 15:27 [splunkd pid=2337] search --id=rt_scheduler__admin__search__RMD5c2cc9c392b0cdf55_at_1666334535_3 --maxbuckets=0 --ttl=120 --maxout=500000 --maxtime=0 --lookups=1 --reduce_freq=10 --rf=prestats_reserved_* --rf=psrsvd_* --user=admin --pro --roles=admin:can_delete:power:user
root 3335 0.0 0.2 111964 10492 ? Ss Oct21 0:00 [splunkd pid=2337] [search-launcher] [process-runner]
root 3340 0.2 3.1 349084 127476 ? Sl Oct21 15:05 [splunkd pid=2337] search --id=rt_scheduler__admin__search__RMD56030cb5f0dfc4bd6_at_1666334535_4 --maxbuckets=0 --ttl=120 --maxout=500000 --maxtime=0 --lookups=1 --reduce_freq=10 --rf=prestats_reserved_* --rf=psrsvd_* --user=admin --pro --roles=admin:can_delete:power:user
root 3352 0.0 0.2 111964 10520 ? Ss Oct21 0:00 [splunkd pid=2337] [search-launcher] [process-runner]
root 3374 0.2 3.1 346972 127156 ? Sl Oct21 11:33 [splunkd pid=2337] search --id=rt_scheduler__admin__search__RMD54ed94a0680182fa0_at_1666334535_6 --maxbuckets=0 --ttl=120 --maxout=500000 --maxtime=0 --lookups=1 --reduce_freq=10 --user=admin --pro --roles=admin:can_delete:power:user
root 3376 0.0 0.2 111964 10536 ? Ss Oct21 0:00 [splunkd pid=2337] [search-launcher] [process-runner]
root 3427 0.2 3.0 347036 123636 ? Sl Oct21 11:24 [splunkd pid=2337] search --id=rt_scheduler__admin__search__RMD5c2174ed151a16f59_at_1666334535_9 --maxbuckets=0 --ttl=120 --maxout=500000 --maxtime=0 --lookups=1 --reduce_freq=10 --user=admin --pro --roles=admin:can_delete:power:user
root 3442 0.0 0.2 111964 10536 ? Ss Oct21 0:00 [splunkd pid=2337] [search-launcher] [process-runner]
root 11862 0.3 1.1 170228 48424 ? S 07:15 0:36 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_azureaccount.py persistent
root 12795 0.1 0.6 147744 27328 ? S Oct24 1:43 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_api_settings.py persistent
root 17772 0.3 1.1 168412 46528 ? S 03:46 1:27 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_azureaccount.py persistent
root 28149 0.2 0.6 147772 28056 ? S Oct22 10:03 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/Splunk_TA_microsoft-cloudservices/bin/splunk_ta_mscs_rh_settings.py persistent
[root@localhost ~]#
Splunk Enterprise 9.0.1 (Rocky Linux 9.0.1) process status
[root@localhost ~]# ps aux | grep splunk
root 17613 2.0 5.1 1203564 398324 ? Sl 08:15 7:40 splunkd -p 8089 start
root 17614 0.0 0.1 118744 14892 ? Ss 08:15 0:17 [splunkd pid=17613] splunkd -p 8089 start [process-runner]
root 17768 0.5 2.1 583280 169672 ? SLl 08:15 1:52 mongod --dbpath=/opt/splunk/var/lib/splunk/kvstore/mongo --storageEngine=wiredTiger --wiredTigerCacheSizeGB=1.050000 --port=8191 --timeStampFormat=iso8601-utc --oplogSize=200 --keyFile=/opt/splunk/var/lib/splunk/kvstore/mongo/splunk.key --setParameter=enableLocalhostAuthBypass=0 --setParameter=oplogFetcherSteadyStateMaxFetcherRestarts=0 --replSet=375FA491-0ABF-48F8-8064-15500BC26540 --bind_ip=0.0.0.0 --sslMode=requireSSL --sslAllowInvalidHostnames --sslPEMKeyFile=/opt/splunk/etc/auth/server.pem --sslPEMKeyPassword=xxxxxxxx --tlsDisabledProtocols=noTLS1_0,noTLS1_1 --sslCipherConfig=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256 --nounixsocket --noscripting
root 17927 0.2 1.3 219144 104568 ? Sl 08:15 0:51 /opt/splunk/bin/splunkd instrument-resource-usage -p 8089 --with-kvstore
root 18029 0.0 1.1 4265688 87316 ? Sl 08:15 0:20 /opt/splunk/bin/python3.7 -O /opt/splunk/lib/python3.7/site-packages/splunk/appserver/mrsparkle/root.py --proxied=127.0.0.1,8065,8000
root 68606 0.2 1.5 268340 120892 ? Sl 14:02 0:03 [splunkd pid=17613] search --id=rt_md_1666850533.65 --maxbuckets=300 --ttl=600 --maxout=100000 --maxtime=0 --lookups=1 --reduce_freq=10 --rf=* --user=admin --pro --roles=admin:power:user
root 68607 0.0 0.1 118744 12424 ? Ss 14:02 0:00 [splunkd pid=17613] [search-launcher] [process-runner]
root 68637 0.2 1.6 268340 125740 ? Sl 14:02 0:03 [splunkd pid=17613] search --id=rt_md_1666850535.67 --maxbuckets=300 --ttl=600 --maxout=100000 --maxtime=0 --lookups=1 --reduce_freq=10 --rf=* --user=admin --pro --roles=admin:power:user
root 68638 0.2 1.6 268340 125676 ? Sl 14:02 0:03 [splunkd pid=17613] search --id=rt_md_1666850535.66 --maxbuckets=300 --ttl=600 --maxout=100000 --maxtime=0 --lookups=1 --reduce_freq=10 --rf=* --user=admin --pro --roles=admin:power:user
root 68639 0.2 1.6 268340 129772 ? Sl 14:02 0:03 [splunkd pid=17613] search --id=rt_md_1666850535.68 --maxbuckets=300 --ttl=600 --maxout=100000 --maxtime=0 --lookups=1 --reduce_freq=10 --rf=* --user=admin --pro --roles=admin:power:user
root 68640 0.0 0.1 118744 12424 ? Ss 14:02 0:00 [splunkd pid=17613] [search-launcher] [process-runner]
root 68641 0.0 0.1 118744 12424 ? Ss 14:02 0:00 [splunkd pid=17613] [search-launcher] [process-runner]
root 68644 0.0 0.1 118744 12424 ? Ss 14:02 0:00 [splunkd pid=17613] [search-launcher] [process-runner]
root 70637 0.0 1.4 278584 115144 ? Sl 14:15 0:00 [splunkd pid=17613] [search-launcher]
root 70638 0.0 1.4 278584 114492 ? Sl 14:15 0:00 [splunkd pid=17613] [search-launcher]
root 70639 0.0 0.1 118744 12424 ? Ss 14:15 0:00 [splunkd pid=17613] [search-launcher] [process-runner]
root 70641 0.0 0.1 118744 12424 ? Ss 14:15 0:00 [splunkd pid=17613] [search-launcher] [process-runner]
root 72316 0.0 0.0 221816 2220 pts/0 S+ 14:25 0:00 grep --color=auto splunk
[root@localhost ~]#
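To compare the two listings without reading them line by line, the following added example (not part of the original post) groups `ps aux` lines into coarse roles, reports which roles appear in only one snapshot, and lists any password-style option that shows up on a command line. The role labels, the `rt_sample_*` search ids and the shortened sample lines are constructed for the example.

```python
import re
from collections import Counter

# Constructed samples: a few lines shortened from the two listings on this page.
PS_826 = """\
root 2337 6.9 11.7 1260908 476852 ? Sl Oct21 383:49 splunkd -p 8089 start
root 2342 0.0 0.1 111964 4972 ? Ss Oct21 4:48 [splunkd pid=2337] splunkd -p 8089 start [process-runner]
root 2809 0.0 0.2 220168 9068 ? Sl Oct21 0:38 /opt/splunk/bin/python3.7 /opt/splunk/etc/apps/Splunk_TA_tomcat/bin/tomcat.py
root 3304 0.2 2.5 346972 103952 ? Sl Oct21 11:33 [splunkd pid=2337] search --id=rt_sample_1 --user=admin
root 2171 0.0 0.0 103336 872 pts/2 S+ 10:18 0:00 grep splunk
"""
PS_901 = """\
root 17613 2.0 5.1 1203564 398324 ? Sl 08:15 7:40 splunkd -p 8089 start
root 17614 0.0 0.1 118744 14892 ? Ss 08:15 0:17 [splunkd pid=17613] splunkd -p 8089 start [process-runner]
root 17768 0.5 2.1 583280 169672 ? SLl 08:15 1:52 mongod --port=8191 --bind_ip=0.0.0.0 --sslPEMKeyPassword=xxxxxxxx
root 68606 0.2 1.5 268340 120892 ? Sl 14:02 0:03 [splunkd pid=17613] search --id=rt_sample_2 --user=admin
"""

def role(cmd):
    """Map a command line to a coarse role label (labels are this example's own)."""
    cmd = re.sub(r"^\[splunkd pid=\d+\]\s+", "", cmd)  # strip the helper-process prefix
    app = re.search(r"/etc/apps/([^/]+)/bin/", cmd)    # script shipped inside an app
    if app:
        return "app:" + app.group(1)
    for needle, label in (("[search-launcher]", "search-launcher"), ("[process-runner]", "process-runner"),
                          ("mrsparkle/root.py", "splunkweb")):
        if needle in cmd:
            return label
    return cmd.split()[0].rsplit("/", 1)[-1]  # mongod, search, splunkd, ...

def snapshot(ps_text):
    """Return (Counter of roles, [(pid, option)] for password-like options)."""
    roles, secrets = Counter(), []
    for line in ps_text.splitlines():
        f = line.split(None, 10)  # USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
        if len(f) < 11 or f[10].startswith("grep "):
            continue  # skip blank lines and the grep that produced the listing
        roles[role(f[10])] += 1
        secrets += [(int(f[1]), o) for o in re.findall(r"--(\w*[Pp]assword\w*)=", f[10])]
    return roles, secrets

def only_in(a, b):
    """Roles present in snapshot a but absent from snapshot b."""
    return sorted(set(a) - set(b))

if __name__ == "__main__":
    (old, _), (new, exposed) = snapshot(PS_826), snapshot(PS_901)
    print("only 8.2.6:", only_in(old, new), "only 9.0.1:", only_in(new, old), "exposed:", exposed)
```

Feeding it the full output of `ps aux | grep splunk` from each host gives the same comparison for the complete listings.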
(End)