Security

When you run /debug/refresh, what does it refresh?

YungLee
Engager

When you run the following 

https://<IP Address of Splunk instance>:<PortNumber>/en-US/debug/refresh 

What exactly do you refresh?

E.g. Indexes.conf, reading for new applications installed into splunk?

Is there a page where i can reference as to what it does, and a list of what it refreshes.

Thank you in advance for any help provided.

Labels (1)
0 Karma
1 Solution

Azeemering
Builder

Debug/refresh forces a refresh on splunkd resources.

This method calls a splunkd refresh on all registered EAI handlers that
advertise a reload function. Alternate entities can be specified by appending
them via URI parameters. For example,

http://localhost:8000/debug/refresh?entity=admin/conf-times&entity=data/ui/manager

will request a refresh on only 'admin/conf-times' and 'data/ui/manager'.

1) not all splunkd endpoints support refreshing.
2) auth-services is excluded from the default set, as refreshing that system will
logout the current user; use the 'entity' param to force it
3) remote_index endpoint is configured for CLI use as it requires APP Name and APP Location to be passed to it as arguments
'''
When you debuf refresh you also get an output that shows you which entities are refreshed like the example below: 

Refreshing admin/conf-times OK
Refreshing data/ui/manager OK
Refreshing data/ui/nav OK
Refreshing data/ui/views OK
Refreshing admin/alert_actions OK
Refreshing admin/aperture OK
Refreshing admin/app_imports_update OK
Refreshing admin/app_permissions_managerOK
Refreshing admin/applicense BadRequest Application license status is only available on cluster captain.
Refreshing admin/autofocus_export OK
Refreshing admin/bookmarks-mc OK
Refreshing admin/clusterconfig BadRequest Cannot edit this searchhead. Use 'splunk edit cluster-master' to edit information for this searchhead.
Refreshing admin/clustersearchheadconfigOK
Refreshing admin/collections-conf OK
Refreshing admin/commandsconf OK
Refreshing admin/conf-checklist OK
Refreshing admin/conf-deploymentclient OK
Refreshing admin/conf-federated OK
Refreshing admin/conf-inputs OK
Refreshing admin/conf-times OK
Refreshing admin/conf-wmi OK
Refreshing admin/configuration_check OK
Refreshing admin/cooked OK
Refreshing admin/cortex_xdr OK
Refreshing admin/crl OK
Refreshing admin/data_migrator OK
Refreshing admin/datamodel-files OK
Refreshing admin/datamodelacceleration OK
Refreshing admin/datamodeledit OK
Refreshing admin/dataset_consolidation_datamodeleditOK
Refreshing admin/deploymentserver OK
Refreshing admin/distsearch-peer OK
Refreshing admin/dm_accel_settings OK
Refreshing admin/es_investigations OK
Refreshing admin/ess_content_importer OK
Refreshing admin/eventtypes OK
Refreshing admin/fieldaliases OK
Refreshing admin/fields OK
Refreshing admin/fifo OK
Refreshing admin/fvtags OK
Refreshing admin/global-banner OK
Refreshing admin/governance OK
Refreshing admin/health-report-config OK
Refreshing admin/http OK
Refreshing admin/identity_manager OK
Refreshing admin/indexer-discovery-configOK
Refreshing admin/indexes OK
Refreshing admin/iot_security OK
Refreshing admin/journald OK
Refreshing admin/limits OK
Refreshing admin/livetail OK
Refreshing admin/log_review OK
Refreshing admin/lookup-table-files OK
Refreshing admin/lookup_retention OK
Refreshing admin/macros OK
Refreshing admin/managed_lookups OK
Refreshing admin/managed_nav OK
Refreshing admin/manager OK
Refreshing admin/messages-conf OK
Refreshing admin/metric-schema OK
Refreshing admin/metric-schema-reload OK
Refreshing admin/metric_alerts OK
Refreshing admin/metrics-reload OK
Refreshing admin/metricstore_rollup OK
Refreshing admin/minemeld_feed OK
Refreshing admin/modalerts OK
Refreshing admin/monitor OK
Refreshing admin/nav OK
Refreshing admin/panels OK
Refreshing admin/passwords OK
Refreshing admin/pools OK
Refreshing admin/props-eval OK
Refreshing admin/props-extract OK
Refreshing admin/props-lookup OK
Refreshing admin/proxysettings OK
Refreshing admin/qualys OK
Refreshing admin/raw OK
Refreshing admin/relaymodaction OK
Refreshing admin/remote_eventlogs OK
Refreshing admin/remote_monitor OK
Refreshing admin/remote_perfmon OK
Refreshing admin/remote_raw OK
Refreshing admin/remote_script OK
Refreshing admin/remote_udp OK
Refreshing admin/reviewstatuses OK
Refreshing admin/risk_factors OK
Refreshing admin/savedsearch OK
Refreshing admin/scheduledviews OK
Refreshing admin/script OK
Refreshing admin/search-head-bundles OK
Refreshing admin/sequence_templates OK
Refreshing admin/serverclasses OK
Refreshing admin/shclusterconfig OK
Refreshing admin/sourcetype-rename OK
Refreshing admin/sourcetypes OK
Refreshing admin/splunktcptoken OK
Refreshing admin/ssl OK
Refreshing admin/suppressions OK
Refreshing admin/syslog OK
Refreshing admin/tags OK
Refreshing admin/tcpout-default OK
Refreshing admin/tcpout-group OK
Refreshing admin/tcpout-server OK
Refreshing admin/telemetry OK
Refreshing admin/threatlist OK
Refreshing admin/threatmatch OK
Refreshing admin/transforms-extract OK
Refreshing admin/transforms-lookup OK
Refreshing admin/transforms-reload OK
Refreshing admin/transforms-statsd OK
Refreshing admin/udp OK
Refreshing admin/ui-prefs OK
Refreshing admin/ui-tour OK
Refreshing admin/views OK
Refreshing admin/viewstates OK
Refreshing admin/visualizations OK
Refreshing admin/vix-indexes OK
Refreshing admin/vix-providers OK
Refreshing admin/whois OK
Refreshing admin/workflow-actions OK
Refreshing admin/workload-categories OK
Refreshing admin/workload-config OK
Refreshing admin/workload-policy OK
Refreshing admin/workload-pools OK
Refreshing admin/workload-rules OK
DONE

View solution in original post

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

I think that this explains that https://dev.splunk.com/enterprise/docs/developapps/manageknowledge/assetcaching/

Basically it refresh quite a many content of .conf files, but not all.

r. Ismo 

0 Karma

Azeemering
Builder

Debug/refresh forces a refresh on splunkd resources.

This method calls a splunkd refresh on all registered EAI handlers that
advertise a reload function. Alternate entities can be specified by appending
them via URI parameters. For example,

http://localhost:8000/debug/refresh?entity=admin/conf-times&entity=data/ui/manager

will request a refresh on only 'admin/conf-times' and 'data/ui/manager'.

1) not all splunkd endpoints support refreshing.
2) auth-services is excluded from the default set, as refreshing that system will
logout the current user; use the 'entity' param to force it
3) remote_index endpoint is configured for CLI use as it requires APP Name and APP Location to be passed to it as arguments
'''
When you debuf refresh you also get an output that shows you which entities are refreshed like the example below: 

Refreshing admin/conf-times OK
Refreshing data/ui/manager OK
Refreshing data/ui/nav OK
Refreshing data/ui/views OK
Refreshing admin/alert_actions OK
Refreshing admin/aperture OK
Refreshing admin/app_imports_update OK
Refreshing admin/app_permissions_managerOK
Refreshing admin/applicense BadRequest Application license status is only available on cluster captain.
Refreshing admin/autofocus_export OK
Refreshing admin/bookmarks-mc OK
Refreshing admin/clusterconfig BadRequest Cannot edit this searchhead. Use 'splunk edit cluster-master' to edit information for this searchhead.
Refreshing admin/clustersearchheadconfigOK
Refreshing admin/collections-conf OK
Refreshing admin/commandsconf OK
Refreshing admin/conf-checklist OK
Refreshing admin/conf-deploymentclient OK
Refreshing admin/conf-federated OK
Refreshing admin/conf-inputs OK
Refreshing admin/conf-times OK
Refreshing admin/conf-wmi OK
Refreshing admin/configuration_check OK
Refreshing admin/cooked OK
Refreshing admin/cortex_xdr OK
Refreshing admin/crl OK
Refreshing admin/data_migrator OK
Refreshing admin/datamodel-files OK
Refreshing admin/datamodelacceleration OK
Refreshing admin/datamodeledit OK
Refreshing admin/dataset_consolidation_datamodeleditOK
Refreshing admin/deploymentserver OK
Refreshing admin/distsearch-peer OK
Refreshing admin/dm_accel_settings OK
Refreshing admin/es_investigations OK
Refreshing admin/ess_content_importer OK
Refreshing admin/eventtypes OK
Refreshing admin/fieldaliases OK
Refreshing admin/fields OK
Refreshing admin/fifo OK
Refreshing admin/fvtags OK
Refreshing admin/global-banner OK
Refreshing admin/governance OK
Refreshing admin/health-report-config OK
Refreshing admin/http OK
Refreshing admin/identity_manager OK
Refreshing admin/indexer-discovery-configOK
Refreshing admin/indexes OK
Refreshing admin/iot_security OK
Refreshing admin/journald OK
Refreshing admin/limits OK
Refreshing admin/livetail OK
Refreshing admin/log_review OK
Refreshing admin/lookup-table-files OK
Refreshing admin/lookup_retention OK
Refreshing admin/macros OK
Refreshing admin/managed_lookups OK
Refreshing admin/managed_nav OK
Refreshing admin/manager OK
Refreshing admin/messages-conf OK
Refreshing admin/metric-schema OK
Refreshing admin/metric-schema-reload OK
Refreshing admin/metric_alerts OK
Refreshing admin/metrics-reload OK
Refreshing admin/metricstore_rollup OK
Refreshing admin/minemeld_feed OK
Refreshing admin/modalerts OK
Refreshing admin/monitor OK
Refreshing admin/nav OK
Refreshing admin/panels OK
Refreshing admin/passwords OK
Refreshing admin/pools OK
Refreshing admin/props-eval OK
Refreshing admin/props-extract OK
Refreshing admin/props-lookup OK
Refreshing admin/proxysettings OK
Refreshing admin/qualys OK
Refreshing admin/raw OK
Refreshing admin/relaymodaction OK
Refreshing admin/remote_eventlogs OK
Refreshing admin/remote_monitor OK
Refreshing admin/remote_perfmon OK
Refreshing admin/remote_raw OK
Refreshing admin/remote_script OK
Refreshing admin/remote_udp OK
Refreshing admin/reviewstatuses OK
Refreshing admin/risk_factors OK
Refreshing admin/savedsearch OK
Refreshing admin/scheduledviews OK
Refreshing admin/script OK
Refreshing admin/search-head-bundles OK
Refreshing admin/sequence_templates OK
Refreshing admin/serverclasses OK
Refreshing admin/shclusterconfig OK
Refreshing admin/sourcetype-rename OK
Refreshing admin/sourcetypes OK
Refreshing admin/splunktcptoken OK
Refreshing admin/ssl OK
Refreshing admin/suppressions OK
Refreshing admin/syslog OK
Refreshing admin/tags OK
Refreshing admin/tcpout-default OK
Refreshing admin/tcpout-group OK
Refreshing admin/tcpout-server OK
Refreshing admin/telemetry OK
Refreshing admin/threatlist OK
Refreshing admin/threatmatch OK
Refreshing admin/transforms-extract OK
Refreshing admin/transforms-lookup OK
Refreshing admin/transforms-reload OK
Refreshing admin/transforms-statsd OK
Refreshing admin/udp OK
Refreshing admin/ui-prefs OK
Refreshing admin/ui-tour OK
Refreshing admin/views OK
Refreshing admin/viewstates OK
Refreshing admin/visualizations OK
Refreshing admin/vix-indexes OK
Refreshing admin/vix-providers OK
Refreshing admin/whois OK
Refreshing admin/workflow-actions OK
Refreshing admin/workload-categories OK
Refreshing admin/workload-config OK
Refreshing admin/workload-policy OK
Refreshing admin/workload-pools OK
Refreshing admin/workload-rules OK
DONE

0 Karma

YungLee
Engager

Would also like to know where can i find the reference for what this (data/ui/manager) actually refers to.

So that i can know exactly what is being reloaded.

0 Karma

YungLee
Engager

Thank you for the detailed answer!!

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...