From: https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverclassconf restartSplunkd = <boolean> * If true, restarts splunkd on the client when a member app or a directly configured app is updated. * Can be overridden at the serverClass level and the serverClass:app level. * Default: false issueReload = <boolean> * If true, triggers a reload of internal processors at the client when a member app or a directly configured app is updated. * If you don't want to immediately start using an app that is pushed to a client, you should set this to false. * Default: false Here you have the behavior of combining the options: https://docs.splunk.com/Documentation/Splunk/8.0.6/Updating/Useserverclass.conf Interaction of restartSplunkd and issueReload The behavior of the client varies depending on the settings of restartSplunkd and issueReload. These are the options: issueReload restartSplunkd Behavior true false Reload only. No restart. It might be necessary to issue a manual restart to fully activate the downloaded apps. true true Client reloads. If some app components require a restart to activate, the client restarts. false false The downloaded apps are not activated. false true The client always restarts after app updates.   ... View more

Yup that one works as intended! Thanks ... View more

Worked for me! Thanks ... View more

That works really well, thanks! ... View more

If you want to renew MongoDB certificates on Windows, this is the command you need: C:\'Program Files'\Splunk\bin\splunk createssl server-cert -d C:\'Program Files'\Splunk\etc\auth -n server **** -c -l 2048 replace by the actual hostname of the server and it's done! ... View more

-debug and -app ... View more

The app needs to be shares globally before you can share you extractions globally too. ... View more

The file name should be collections.conf instead of collection.conf ... View more

But it shouldn't need those files, since the nessus_plugin_lookup points to nessus_plugin.csv ... View more

Me too! Thanks! ... View more