Diagnosing and Resolving Problems

Diagnosing and Resolving Problems

If the Splunk system is not behaving as expected, it is possibly a problem caused by an edit to one of its configuration files. Perform following the steps:

1.Log into the Splunk server's command line using SSH.

2.Enter the /opt/splunk directory.

3.Perform a check of Splunk configuration files:

sudo bin/splunk btool check

4.If there is a problem with a file, try to fix it using the appropriate Splunk documentation until the command above exits with no complaints.

5.Restart the Splunk system to make sure it has picked up the fixes.