splunk edit
-
Edit data inputs, user accounts, or saved searches. Type "./splunk help saved-search" to learn how to add alerts and saved searches. Type "./splunk help [topic name | object name | parameter name]" to get help on any topic, object, or parameter. Syntax: edit [object] [-parameter <value> | <value>] edit cluster-config -mode master|slave|searchhead -<parameter_name> <parameter_value> edit shcluster-config -<parameter_name> <parameter_value> edit monitor edit [tcp] source [-parameter <value>] ... edit [udp] source [-parameter <value>] ... edit user <username> [-parameter <value>] ... edit role <rolename> [-parameter <value>] edit [licenser-localslave|licenser-pools|licenser-groups] edit -name <pool name> -description <description> -quota <size[kb|mb|tb]> -slaves <comma separated slave GUID list> edit -master_uri <scheme>://<hostname>:<port> edit <licenser group name> -is_active 1 Objects: edit exec edits scripted inputs edit index edits index on this server edit cluster-config edit current clustering configuration edit cluster-master Edit a master currently in the list of instances a searchhead searches across edit shcluster-common-encrypt Recrypt the field with shcluster common encryption key. edit shcluster-config edit current shclustering configuration on a bootstrapped node. edit monitor edits monitored directory inputs edit tcp edits TCP (network) inputs edit udp edits UDP (network) inputs edit user edits a user edit role edits a role edit licenser-pools edits a pool within a stack edit licenser-localslave edits attributes of local license slave node edit licenser-groups edits attributes of licenser groups Required Parameters: (For edit exec) source command and arguments to be run (For edit index) name name of index (For edit cluster-config) mode master|slave|searchhead (For edit cluster-master) master_uri the value of the master uri (For edit shcluster-common-encrypt) config Name of the Conf file eg: server for server.conf. prefix Prefix for the stanza where the key for re-encryption is found. key The key whose value has to be re-encrypted with common secret. (For edit monitor) source path to a file or directory whose contents should be indexed by the Splunk server, and then watched for new input. The Splunk server unpacks tarfiles and compressed files. (For edit tcp) source the TCP network port that the Splunk Server should listen on (For edit udp) source the UDP network port that the Splunk Server should listen on (For edit user) username the name of the Splunk user account to remove (For edit role) rolename The name of the role (For edit licenser-pools) name name of the pool to edit (For edit licenser-localslave) master_uri uri of the splunkd license master instance OR 'self' (For edit licenser-groups) name name of the licenser groups is_active 1 to enable Optional Parameters: (For edit exec) hostregex quoted string description for the app host hostname to set as the host value index index to place events in interval number of seconds to wait before running the command keep-open set the command to not terminate sourcetype source type value to set for events from the source (For edit cluster-config) cxn_timeout connection timeout send_timeout send timeout rcv_timeout recieve timeout rep_cxn_timeout replication connection timeout rep_send_timeout replication send timeout rep_rcv_timeout replication receive timeout replication_factor sets the replication factor search_factor sets the search factor heartbeat_timeout sets the hearbeat timeout restart_timeout sets the time the master waits for peer to readd after restart master_uri sets the value of the master uri replication_port specify the replication port max_peer_build_load specify the max number of concurrent jobs to make bucket searchable max_peer_rep_load specify the max number of concurrent replications that peer can take part in as target secret sets the value of the secret key between master and slaves multisite used to turn on the multisite feature for this cluster site_replication_factor sets the replication factor for a multisite configuration. See examples for usage site_search_factor sets the search factor for a multisite configuration. See examples for usage site sets the site-id for slave/searchhead indexer.Valid values include site1 to site64 available_sites sets the various sites that are recognised for this master.Valid values include site1 to site64 use_batch_mask_changes specifies whether master should process mask changes for buckets in batch or individual mode cluster_label sets a label that is associated with the cluster summary_replication Turn on summary replication in the cluster. re_add_on_bucket_request_error specify whether slave should re-add itself to master if master returns an error for a bucket request. (For edit cluster-master) secret the secret/pass4SymmKey used for the master site the site-id for the searchhead for this master multisite used to turn on|off the multisite feature for this master. Acceptable values are [true|false (For edit shcluster-common-encrypt) username Username if available. app The app for which you have to change the key. (For edit shcluster-config) cxn_timeout connection timeout send_timeout send timeout rcv_timeout recieve timeout rep_cxn_timeout replication connection timeout rep_send_timeout replication send timeout rep_rcv_timeout replication receive timeout replication_factor sets the replication factor heartbeat_timeout sets the hearbeat timeout restart_timeout sets the time the master waits for peer to readd after restart replication_port specify the replication port max_peer_build_load specify the max number of concurrent jobs to make bucket searchable max_peer_rep_load specify the max number of concurrent replications that peer can take part in as target secret sets the value of the secret key between captain and members mgmt_uri Specify the managment uri of this node. raft_election_timeout_ms Sets the value of election timeout used by the raft protocol. conf_deploy_fetch_url Sets the uri from which a cluster member fetches its baseline configuration. (For edit monitor) sourcetype source type value to set for events from the source index a local Splunk index to place events from the source hostname host name to set as the host value hostregex regular expression of file path to set as the host value hostsegmentnum number of segments in the file path to set as the host value follow-only only read from the end of the file (True|False, default=False) (For edit tcp) remotehost specify IP address to exclusively accept data from sourcetype source type value to set for events from the source index index to place events from the source hostname host name to set as the host value resolvehost specify whether to use DNS to set the host value (true|false, default=false) doneTimeout timeout after which data received so far over the connection is deemed complete (For edit udp) remotehost specify IP address to exclusively accept data from sourcetype source type value to set for events from the source index index to place events from the source hostname host name to set as the host value resolvehost specify whether to use DNS to set the host value (true|false, default=false) (For edit user) full-name Real name of user in quotes (Example: "Nikola Tesla") tz Timezone of user (Example: "Europe/London") (For edit licenser-pools) description human readable description quota new allocation size of the pool slaves list of slave GUIDs that are part of this pool append_slaves a flag to append the slave GUIDs to the existing list rather than overwriting it Examples: ./splunk edit cluster-config -mode slave -replication_port 4535 ./splunk edit cluster-config -mode master -secret foo ./splunk edit cluster-config -mode master -multisite true -auth admin:changeme ./splunk edit cluster-config -mode master -multisite true -site_replication_factor origin:2,site1:2,total:5 -site_search_factor origin:2,total:3 -site site1 -available_sites site1,site2 -auth admin:changeme -use_batch_mask_changes true ./splunk edit cluster-config -mode slave -master_uri https://server_name:port -secret foo ./splunk edit cluster-config -mode slave -site site2 './splunk edit cluster-master https://127.0.0.1:8089 -secret newtestsecret' './splunk edit cluster-master https://old_server_name:8089 -master_uri https://new_server_name:8089 './splunk edit cluster-master https://old_server_name:8089 -master_uri https://new_server_name:8089 -secret newsecret './splunk edit shcluster-common-encrypt -username admin -app search -config app -prefix credential:: -key password ./splunk edit shcluster-config -replication_port 4535 ./splunk edit shcluster-config -secret foo ./splunk edit shcluster-config -captain_uri https://server_name:port -secret foo ./splunk edit monitor /var/log -follow-only true ./splunk edit role role1 -capability edit_udp -capability edit_tcp -imported user -index main -index index1 -default_index index1 ./splunk edit licenser-pools foo -description test -quota 10mb -slaves guid1,guid2 ./splunk edit licenser-pools foo -description test -quota 10mb -slaves guid1,guid2 -append_slaves true ./splunk edit licenser-localslave -master_uri https://myhost:8089 ./splunk edit licenser-localslave -master_uri self ./splunk edit licenser-groups Foo -is_active 1 Type "help [command]" to get help with parameters for a specific command. Complete documentation is available online at: http://docs.splunk.com/Documentation
© Lightnetics 2024