# Disable the default management listener which binds to 0.0.0.0
# And then set up a new listener that listens on the loopback
[httpServer]
disableDefaultPort = true
[httpServerListener:127.0.0.1:8089]
ssl=true
@automine
automine / README.md
Created January 29, 2019 00:54
Windows TA 5 Changes

Windows TA 5 Changes

Overview

Version 5.0 of the Splunk Add-on for Windows introduced changes that differ significantly from past versions. Some apps may have issues as a result, such as the Exchange App, the Windows Infrastructure app (certain versions), and possibly others. Consultants should be aware of these changes when deciding which version to use with a customer. Below are the Splunk Add-on for Microsoft Windows 5.0.0 changes related to WinEventLog sourcetypes that may impact the Winfra, Exchange and ITSI apps.

Why these changes were made

  1. Enhance code robustness: clean up existing bugs, simplify maintenance, and prepare the add-on for further enhancements
  2. Improve performance
  3. Follow knowledge management best practices
  4. Remove unsupported functionality, such as wildcard sourcetyping
  5. Produce well-structured code with a dedicated stanza per log format, instead of the previous mix
@automine
automine / docker-compose.yml
Created October 16, 2017 13:59
Splunk DS, SH, IDX, UF
version: '3'
services:
  splunksh:
    hostname: splunksh
    image: splunk/splunk:6.6.3
    environment:
      SPLUNK_START_ARGS: --accept-license --answer-yes --no-prompt
      OPTIMISTIC_ABOUT_FILE_LOCKING: '1'
    ports:
@automine
automine / remove_local.sh
Last active October 18, 2018 16:17
Remove Splunk /etc/system/local configs - Linux
#!/bin/sh
# Locate the Splunk install: full instance or universal forwarder
[ -d "/opt/splunk" ] && SPLUNKPATH="/opt/splunk"
[ -d "/opt/splunkforwarder" ] && SPLUNKPATH="/opt/splunkforwarder"
# Stop rather than build paths from an empty variable
[ -z "$SPLUNKPATH" ] && { echo "No Splunk install found under /opt" >&2; exit 1; }
LOCAL="$SPLUNKPATH/etc/system/local"
# etc/system/local outranks app configs, so remove these local copies
[ -f "$LOCAL/inputs.conf" ] && rm -f "$LOCAL/inputs.conf"
[ -f "$LOCAL/outputs.conf" ] && rm -f "$LOCAL/outputs.conf"
[ -f "$LOCAL/deploymentclient.conf" ] && rm -f "$LOCAL/deploymentclient.conf"
@automine
automine / remove_local.bat
Created October 16, 2018 19:06
Remove Splunk /etc/system/local configs - Windows
@echo off
del /f /q "%SPLUNK_HOME%\etc\system\local\inputs.conf"
del /f /q "%SPLUNK_HOME%\etc\system\local\outputs.conf"
del /f /q "%SPLUNK_HOME%\etc\system\local\deploymentclient.conf"
@automine
automine / docker-compose.yml
Created September 24, 2018 14:56
Single Splunk instance, 7.0.3
version: '3'
services:
  splunksh:
    hostname: splunksh
    image: splunk/splunk:7.0.3
    environment:
      SPLUNK_START_ARGS: --accept-license --answer-yes --no-prompt
      OPTIMISTIC_ABOUT_FILE_LOCKING: '1'
    ports:
<dashboard>
<label>Indexer Disk Usage</label>
<row>
<panel>
<table>
<title>Disk Usage by Indexer</title>
<search>
<query>| rest /services/server/status/partitions-space splunk_server_group=dmc_group_indexer | search mount_point=/data/* | eval usage = capacity - free
| eval pct_usage = round(usage / capacity * 100, 2) | stats first(fs_type) as fs_type first(usage) as usage first(capacity) as capacity first(pct_usage) as pct_used by mount_point, splunk_server | eval splunk_server=lower(splunk_server)| table splunk_server mount_point usage capacity pct_used | sort splunk_server mount_point | addcoltotals | eval usage=round(usage/1024,2) | eval capacity=round(capacity/1024, 2) | rename usage AS "Usage (GB)" capacity AS "Capacity (GB)" splunk_server AS "Indexer" pct_used AS "Percent Used"</query>
<earliest>$earliest$</earliest>
### Keybase proof
I hereby claim:
* I am automine on github.
* I am automine (https://keybase.io/automine) on keybase.
* I have a public key ASAmDeG-PDoFrJlOu7uUikMRDlxvi6D4m6k0y-xTxe0R3Qo
To claim this, I am signing this object:

Keybase proof

I hereby claim:

  • I am automine on github.
  • I am automine (https://keybase.io/automine) on keybase.
  • I have a public key ASBsDDTfSgZw2aFLr6eiXjejbCE7rpGcUFJC1SjCYl240Qo

To claim this, I am signing this object:

[host::10.200.12.115]
TRANSFORMS-rewrite_windows_security = rewrite_windows_security