splunk add
Add data inputs, user accounts, or saved searches.

Type "./splunk help saved-search" to learn how to add alerts and saved searches.
Type "./splunk help [topic name | object name | parameter name]" to get help on any topic, object, or parameter.

Syntax:

    add [object] [-parameter <value> | <value>]
    add shcluster-member
    add monitor source [-parameter <value>] ...
    add [tcp] source [-parameter <value>] ...
    add user <username> [-parameter <value>] ...
    add role <rolename> [-parameter <value>] ...
    add [licenses|licenser-pools]
    add licenses path
    add -name <pool name> -description <description> -quota <size[kb|mb|tb]> -slaves <comma separated slave GUID list> -stack_id <stack to which this pool belongs>

Objects:

    add exec                adds scripted inputs
    add index               adds index on this server
    add cluster-master      Adds another master to the list of instances a searchhead searches across
    add shcluster-member    Add the specified node to a search head cluster. Search head clustering should already be enabled on that node.
    add monitor             adds monitor directory and file inputs
    add tcp                 adds TCP (network) inputs
    add udp                 adds UDP (network) inputs
    add forward-server      adds servers to forward data to; to set up SSL, you need to provide at minimum the following parameters: ssl-cert-path, ssl-password, and ssl-root-ca-path
    add oneshot             adds onetime file input
    add user                adds a user
    add role                adds a role
    add licenses            adds a license to the appropriate stack
    add licenser-pools      adds a pool to a stack

Required Parameters:

    (For add exec)
    source      command and arguments to be run
    interval    number of seconds to wait before running the command

    (For add index)
    name        name of index (if none set - then use all)

    (For add cluster-master)
    master_uri  the value of the master uri

    (For add monitor)
    source      path to a file or directory whose contents should be indexed by the Splunk server, and then watched for new input. The Splunk server unpacks tarfiles and compressed files.

    (For add tcp)
    source      the TCP network port that the Splunk Server should listen on

    (For add udp)
    source      port where Splunk should listen for events

    (For add forward-server)
    hostport    in the format <host>:<port> where host and port are hostname or IP address of the indexing server and port that the indexer is listening on

    (For add oneshot)
    source      name of a file to add to inputs

    (For add user)
    username    the name of the Splunk user account to manage
    role        Admin, Power, or User
    password    password of the account

    (For add role)
    rolename    The name of the role

    (For add licenses)
    path        path to the new license file

    (For add licenser-pools)
    name        name of the new pool to add
    stack_id    stack that this pool belongs to
    quota       new allocation size of the pool

Optional Parameters:

    (For add exec)
    hostregex       quoted string description for the app
    host            hostname to set as the host value
    index           index to place events in
    keep-open       set the command to not terminate
    sourcetype      source type value to set for events from the source

    (For add cluster-master)
    secret          the secret/pass4SymmKey used for the master
    site            the site-id for the searchhead for this master
    multisite       used to turn on|off multisite for this master. Takes in values[true|false]

    (For add shcluster-member)
    current_member_uri  Management uri of an existing member of the cluster that this node is to be come part of. When this command is run on a current member, this is not required. When this command is run on the new node, this is required so that the new node can talk to the cluster.
    new_member_uri      Management uri of the new member to be added to the cluster. This must be exactly the same as the mgmt_uri of the new node (as specified in server.conf). When this command is run on a current member this is required to specify the node to add. When this command is run directly on the new node, this is not required.

    (For add monitor)
    sourcetype      source type value to set for events from the source
    index           a local Splunk index to place events from the source. Note: For forwarding instances of Splunk (which typically do not have local indexes), you have to edit the configuration file (inputs.conf) to specify an input for an index on a remote server.
    hostname        host name to set as the host value
    hostregex       regular expression of file path to set as the host value
    hostsegmentnum  number of segments in the file path to set as the host value
    follow-only     only read from the end of the file (True|False, default=False)

    (For add tcp)
    remotehost      specify IP address to exclusively accept data from
    sourcetype      source type value to set for events from the source
    index           index to place events from the source
    hostname        host name to set as the host value
    resolvehost     specify whether to use DNS to set the host value (true|false, default=false)
    doneTimeout     timeout after which data received so far over the connection is deemed complete

    (For add udp)
    remotehost      specify an IP address to exclusively accept data from
    sourcetype      source type value to set for events from the source
    index           index to place events in
    hostname        host name to set as the host value
    resolvehost     specify whether to use DNS to set the host value (true|false, default=false)

    (For add forward-server)
    method                       set forwarding method to data-cloning or load-balancing (clone|autobalance, default=autobalance)
    ssl-cert-path                If path to the certificate is specified, this connection will use SSL
    ssl-password                 The password associated with the certificate authority certificate
    ssl-root-ca-path             The path to the root certificate authority file
    ssl-verify-server-cert       If true, make sure that the server that is being connected to is an authenticated one (true|false)
    ssl-common-name-to-check     Check the common name of the server's certificate against this name when 'ssl-verify-server-cert' is set to true
    ssl-alternate-name-to-check  The alternate name to check when 'ssl-verify-server-cert' is set to true

    (For add user)
    full-name       Real name of user in quotes (Example: "Nikola Tesla")
    tz              Timezone of user (Example: "Europe/London")

    (For add licenser-pools)
    description     human readable description
    slaves          list of slave GUIDs that are part of this pool

Examples:

    './splunk add cluster-master https://127.0.0.1:8089 -secret testsecret -multisite false'
    './splunk add cluster-master https://127.0.0.1:8089 -secret testsecret -multisite true -site site2'
    ./splunk add shcluster-member -current_member_uri https://myserver:1234
    ./splunk add shcluster-member -new_member_uri https://myserver:1234
    ./splunk add monitor /var/log/
    ./splunk add monitor -source c:\Windows\windowsupdate.log -index newindex
    ./splunk add monitor -source c:\windows\system32\LogFiles\W3SVC
    ./splunk add forward-server bologna:9997
    ./splunk add forward-server vicenza:9991 -ssl-cert-path /path/ssl.crt -ssl-root-ca-path /path/ca.crt -ssl-password password
    ./splunk add user noobie -password "changeme" -full-name 'New User' -role User
    ./splunk add role noobie -capability edit_tcp -imported user
    ./splunk add role subuser -capability edit_user -imported user -imported power -grantable user
    ./splunk add licenses /opt/splunk/etc/licenses/enterprise/enterprise.lic
    ./splunk add licenses /opt/splunk/etc/licenses/enterprise/enterprise.lic
    ./splunk add licenser-pools foo -description test -quota 10mb -slaves guid1,guid2 -stack_id enterprise

Type "help [command]" to get help with parameters for a specific command.

Complete documentation is available online at: http://docs.splunk.com/Documentation
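An added example, not part of the Splunk help output: a small shell linter that checks "splunk add" command lines against the forward-server SSL options and the tcp/udp remotehost option listed above. The function names, the finding messages, port 9514, the address 192.0.2.10 and the name vicenza.example.com are constructed for illustration.

```sh
# flag_value NAME LINE: print the word after -NAME; status 1 if absent.
# Words are split on whitespace; quoted values with spaces are not handled.
flag_value() (
    set -f                      # no globbing while splitting the line
    want="-$1"; prev=""
    for w in $2; do
        if [ "$prev" = "$want" ]; then printf '%s\n' "$w"; exit 0; fi
        prev=$w
    done
    exit 1
)

# lint_splunk_add LINE: print one finding per line, nothing if clean.
lint_splunk_add() {
    case " $1 " in
    *" add forward-server "*)
        if ! flag_value ssl-cert-path "$1" >/dev/null; then
            echo "forward-server: no -ssl-cert-path, SSL not requested"
            return 0
        fi
        for p in ssl-password ssl-root-ca-path; do
            flag_value "$p" "$1" >/dev/null ||
                echo "forward-server: -$p missing (required for SSL)"
        done
        if [ "$(flag_value ssl-verify-server-cert "$1")" != "true" ]; then
            echo "forward-server: -ssl-verify-server-cert is not true"
        elif ! flag_value ssl-common-name-to-check "$1" >/dev/null &&
             ! flag_value ssl-alternate-name-to-check "$1" >/dev/null; then
            echo "forward-server: no certificate name to check"
        fi ;;
    *" add tcp "*|*" add udp "*)
        flag_value remotehost "$1" >/dev/null ||
            echo "listener: no -remotehost, not restricted to one sender" ;;
    esac
    return 0
}

# Demo input: the first two lines are examples from the help text above;
# the remaining lines are constructed.
while IFS= read -r cmd; do
    printf '%s\n' "$cmd"; lint_splunk_add "$cmd" | sed 's/^/  -> /'
done <<'EOF'
./splunk add forward-server bologna:9997
./splunk add forward-server vicenza:9991 -ssl-cert-path /path/ssl.crt -ssl-root-ca-path /path/ca.crt -ssl-password password
./splunk add forward-server vicenza:9991 -ssl-cert-path /path/ssl.crt -ssl-root-ca-path /path/ca.crt -ssl-password password -ssl-verify-server-cert true -ssl-common-name-to-check vicenza.example.com
./splunk add tcp 9514
./splunk add tcp 9514 -remotehost 192.0.2.10
EOF
```

The same checks can be run over provisioning scripts or shell history before the commands are applied to a forwarder.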
© Lightnetics 2024