1: 显示加密密码:
答案:/opt/splunk/bin/splunk show-decrypted --value '$xxxxxxxxxxxxxxx'
2: splunk SSO 失效,不能登入VIP : https://abc.com
答案: https://abc.com/en-US/account/login?loginType=splunk
3: 显示登入两个不同Splunk URL 的用户的PSL:
答案:(两个URL 后台数据是一样的,但是就是search head 不一样:下面server 替换成不同URL的 search head servers)
index=_audit host IN (serverA1, serverA2, serverA3)
| stats count by user
4:splunk cluster 显示 index name (CM 上查看):
答案:在CM : /opt/splunk/etc/master-servers/_cluster/local/indexes.conf:
indexes.conf
[default]