Deployment Architecture

What changed that's requiring a restart?

bdruth
Path Finder

We're seeing a banner indicating that a restart is required to make changes effective. But nobody knows what changed (the users with admin rights appear to not have made any changes). Before restarting (and potentially breaking something), is there a way to know what change Splunk thinks it needs to restart for?

Tags (2)

fk319
Builder

Is there a place that shows what could have been changed?

0 Karma

Genti
Splunk Employee
Splunk Employee

you could try a ls on the config files and sort by modified date. But i think it is almost impossible to know for certain what config changed. Unless you have fschange on splunk config files..

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

this change is triggered by actions in the UI, not by modifications of config per se. So it is possible that config might not have been changed, or changed and changed back, or changed innocuously. (e.g., doing a "save" on any index editing screen, even without making changes) will cause this banner to appear.

Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...