Splunk Enterprise

Does Splunk need a restart after a change to log.cfg?

splunkemly
New Member

Currently, we have this in /opt/splunkforwarder/etc/log.cfg:

appender.A1.fileName=${SPLUNK_HOME}/var/log/splunk/splunkd.log 

I want to change the logging location to /var/log and wondering if it can be done by doing this:

appender.A1.fileName=/var/log/splunk/splunkd.log

If so, Does splunk need to be restarted after this change to log.cfg?

0 Karma

renjith_nair
Legend

For any manual change in configs, splunk needs a restart

Ref : http://docs.splunk.com/Documentation/Splunk/6.2.0/Troubleshooting/Enabledebuglogging

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...