Each instance of Splunk that does any indexing must have its own license.
1. Stop Splunk: …
2. Copy … to …
3. Start Splunk: …

This license does not limit how much data you can forward from that machine.

To install or update your license using the CLI:

1. Create a new file named ….
2. Copy your new license key and paste it into ….
3. Move your license file, …, into the … directory: …

- Multiple user accounts and role-based access controls
- Distributed search
- Forwarding in TCP/HTTP formats (you can forward data to other Splunk instances, but not to non-Splunk instances)
- Deployment management (including for clients)
- Scheduled saved searches (including summary indexing) and alerting/monitoring

Open a Web browser and navigate to ….

- To change the Splunk Web service port: From the … directory: …
- To change the splunkd port: From the … directory: …
From the System configurations area, you can manage:
- System settings: Manage system settings including ports, host name, index path, email server settings (for alerts), and system logging.
- Server controls: Restart Splunk.
- License: View license usage statistics and apply a new license.
- Data inputs: Add data to Splunk from scripts, files, directories, and network ports.
- Forwarding and receiving: Configure this Splunk instance to send or receive data.
- Indexes: Create new indexes and manage index size preferences.
- Access controls: Specify authentication method (Splunk or LDAP), create or modify users, and manage roles.
- Distributed search: Set up distributed search across multiple Splunk instances.
- Deployment: Deploy and manage configuration settings across multiple Splunk instances.
- User options: Manage user settings, including passwords and email addresses.

From the Apps and knowledge area, you can manage:
- Apps: Edit permissions for installed apps, create new apps, or browse Splunkbase for apps created by the community.
- Searches and reports: View, edit, and set permissions on searches and reports. Set up alerts and summary indexing.
- Event types: View, edit, and set permissions on event types.
- Tags: Manage tags on field values.
- Fields: View, edit, and set permissions on field extractions. Define event workflow actions and field aliases. Rename sourcetypes.
- Lookups: Configure lookup tables and lookups.
- User interface: Create and edit views, dashboards, and navigation menus.
- Advanced search: Create and edit search macros. Set permissions on search commands.
- All configurations: See all configurations across all apps.

Do not edit the default copy of any conf file in …. Make a copy of the file in … or … and edit that copy.

| File | Purpose |
| --- | --- |
| admon.conf | Configure Windows active directory monitoring. |
| alert_actions.conf | Customize Splunk's global alerting actions. |
| app.conf | Configure your custom app. |
| audit.conf | Configure auditing and event hashing. |
| authentication.conf | Toggle between Splunk's built-in authentication or LDAP, and configure LDAP. |
| authorize.conf | Configure roles, including granular access controls. |
| commands.conf | Connect search commands to any custom search script. |
| crawl.conf | Configure crawl to find new data sources. |
| default.meta.conf | A template file for use in creating app-specific default.meta files. |
| deploymentclient.conf | Specify behavior for clients of the deployment server. |
| distsearch.conf | Specify behavior for distributed search. |
| eventdiscoverer.conf | Set terms to ignore for typelearner (event discovery). |
| event_renderers.conf | Configure event-rendering properties. |
| eventtypes.conf | Create event type definitions. |
| fields.conf | Create multivalue fields and add search capability for indexed fields. |
| indexes.conf | Manage and configure index settings. |
| inputs.conf | Set up data inputs. |
| limits.conf | Set various limits (such as maximum result size or concurrent real-time searches) for search commands. |
| literals.conf | Customize the text, such as search error strings, displayed in Splunk Web. |
| macros.conf | Define search language macros. |
| multikv.conf | Configure extraction rules for table-like events (ps, netstat, ls). |
| outputs.conf | Set up forwarding, routing, cloning and data balancing. |
| pdf_server.conf | Configure the Splunk pdf server. |
| procmon-filters.conf | Monitor Windows process data. |
| props.conf | Set indexing property configurations, including timezone offset, custom sourcetype rules, and pattern collision priorities. Also, map transforms to event properties. |
| pubsub.conf | Define a custom client of the deployment server. |
| regmon-filters.conf | Create filters for Windows registry monitoring. |
| report_server.conf | Configure the report server. |
| restmap.conf | Configure REST endpoints. |
| savedsearches.conf | Define saved searches and their associated schedules and alerts. |
| searchbnf.conf | Configure the search assistant. |
| segmenters.conf | Customize segmentation rules for indexed events. |
| server.conf | Enable SSL for Splunk's back-end and specify certification locations. |
| serverclass.conf | Define deployment server classes for use with deployment server. |
| serverclass.seed.xml.conf | Configure how to seed a deployment client with apps at start-up time. |
| source-classifier.conf | Terms to ignore (such as sensitive data) when creating a sourcetype. |
| sourcetypes.conf | Machine-generated file that stores sourcetype learning rules created by sourcetype training. |
| sysmon.conf | Set up Windows registry monitoring. |
| tags.conf | Configure tags for fields. |
| tenants.conf | Configure deployments in multi-tenant environments. |
| times.conf | Define custom time ranges for use in the Search app. |
| transactiontypes.conf | Add additional transaction types for transaction search. |
| transforms.conf | Configure regex transformations to perform on data inputs. Use in tandem with props.conf. |
| user-seed.conf | Set a default user and password. |
| web.conf | Configure Splunk Web, enable HTTPS. |
| wmi.conf | Set up Windows management instrumentation (WMI) inputs. |
| workflow_actions.conf | Configure workflow actions. |