This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.2 , 3.2.1 , 3.2.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6
Caution: DO NOT use these commands without consulting Splunk support first.
Cmd line modification and listing of bundles.
Add
./splunk cmd btool application name add
Delete
./splunk cmd btool application name delete [prefix] [entry]
List
./splunk cmd btool application name list [prefix]
Using logging configuration at /Applications/splunk/etc/log-cmdline.cfg.
Allows exporting of raw data from a specific index bucket, data can be exported in raw or csv formats.
./splunk cmd exporttool
./splunk cmd exporttool db_directory export_dir [export_search [-csv]]
| application name | |
| prefix | |
| entry |
./splunk cmd locktool
Usage :
lock : [-l | --lock ] [dirToLock] <timeOutSecs>
unlock [-u | --unlock ] [dirToUnlock] <timeOutSecs>
Acquires and releases locks in the same manner as splunkd. If you were to write an external script to copy db buckets in and out of indexes you should acqure locks on the db colddb and thaweddb directories as you are modifying them and release the locks when you are done.
./splunk cmd signtool
Using logging configuration at /Applications/splunk/etc/log-cmdline.cfg.
Usage :
sign : [ -s | --sign ] [dirtosign]
verify : [-v | --verify] [dirtoverify]
Allows verification and signing splunk index buckets. If you have signing set up in a cold to frozen script. Signtool allows you to verify the signatures of your archives.