Topics

| pdf version

Welcome

What to do first

Start Splunk

Meet Splunk Web and Splunk Apps

Before you configure

Add data and configure inputs

Indexing and event processing

Timestamps

Add and manage users

Manage indexes

Define alerts

Set up backups and retention policies

Configure data security

Set up forwarding and receiving

Deploy to other Splunk instances

Set up distributed search

Manage search jobs

Use Splunk's command line interface (CLI)

Configuration file reference

Troubleshooting


Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

How you can configure

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10

How you can configure

You can configure Splunk in the following ways:

  • by editing configuration files
  • by using Splunk Manager in Splunk Web
  • by using the Splunk CLI

All three methods ultimately change the contents of the configuration files described below.

Configuration files

Most of Splunk's configuration information is stored in .conf files. These files are located under your Splunk installation directory (usually referred to in the documentation as $SPLUNK_HOME) under /etc/system. You can make changes to these files using a standard text editor. Before you begin editing configuration files, read the material in the topic called About configuration files.

Splunk Manager

You can do most common configuration tasks via Splunk Manager in Splunk Web, the Web UI provided with Splunk. Splunk Web runs by default on port 8000 of the host on which it is installed.

  • If you're running Splunk on your local machine, the URL to access Splunk Web is http://localhost:8000
  • If you're running Splunk on a different machine, the URL to access Splunk Web is http://<hostname>:8000

where <hostname> is the name of the machine Splunk is running on.

To access Splunk Manager, log into Splunk Web and click Manager in the upper right hand corner.

Splunk CLI

Many configuration options are available via the CLI. These options are documented in their respective topics, or you can get a complete CLI help reference by using the command help. Access the default CLI help page by typing the following in the command line while Splunk is running: 

./splunk help

For more information about the CLI, refer to "About the CLI" in this manual.

Restarting after configuration changes

Many configuration file changes require you to restart Splunk. Check the configuration file and/or its documentation reference topic to see if a change you make requires you to restart Splunk.

Changes you make in Manager will let you know if you have to restart.

The following changes require additional or different actions before they will take effect:

  • Enable configuration changes made to transforms.conf and props.conf by typing the following search in Splunk Web:
| extract reload=TSearch
  • Bounce authentication.conf via the Manager > Authentication section of Splunk Web.
Retrieved from "http://www.splunk.com/base/Documentation/4.0.4/Admin/Howyoucanconfigure"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.