Splunk® User Behavior Analytics

Administer Splunk User Behavior Analytics

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Start and stop Splunk UBA services from the command line

Use some common command line interface (CLI) commands to perform administrative tasks in Splunk UBA.

To run these commands, log in to the Splunk UBA management node as the caspida user.

Task CLI Commands
Stop and start the Splunk UBA web interface. Run the following commands on the management node: 
sudo service caspida-ui stop
sudo service caspida-ui start
Stop and start the resource monitor services. Run the following commands on the management node: 
sudo service caspida-resourcesmonitor stop
sudo service caspida-resourcesmonitor start

You can also tail the resource monitor log files to help you troubleshoot: 

tail -f /var/log/caspida/monitor/resourcesMonitor.out
Synchronize configuration changes to all nodes in a distributed deployment. In any distributed deployment, changes to the /etc/caspida/local/conf/uba-site.properties file must be synchronized to all nodes in the cluster. To do this, run the following command on the management node: 
/opt/caspida/bin/Caspida sync-cluster /etc/caspida/local/conf

See Manage Splunk UBA configuration properties in the uba-site.properties file for information about setting Splunk UBA configuration properties.

Stop and start Splunk UBA services only on all nodes. The following services are stopped:
  • kafka-server
  • caspida-jobmanager
  • caspida-eventstore
  • caspida-outputconnector
  • caspida-jobagent
  • caspida-ui
  • caspida-offlinerulexec
  • caspida-realtimetuleexec
  • caspida-resourcemonitor
  • caspida-sysmon
  • spark-master
  • spark-worker
  • spark-history
 Run the following command on the management node: 
/opt/caspida/bin/Caspida stop
/opt/caspida/bin/Caspida start
Stop and start Splunk UBA services (listed with the /opt/caspida/bin/Caspida stop/start command) and all dependent platform services on all nodes:
  • zookeeper-server
  • hadoop-hdfs-namenode
  • hadoop-hdfs-datanode
  • hadoop-hdfs-secondarynamenode
  • influxdb
  • postgresql
  • redis-server
  • hive-metastore
  • impala-state-store
  • impala-catalog
  • impala-server
  • docker
  • kubelet
 Run the following command on the management node: 
/opt/caspida/bin/Caspida stop-all
/opt/caspida/bin/Caspida start-all
Stop and start the Splunk UBA containers. Run the following command on the management node: 
/opt/caspida/bin/Caspida stop-containers
/opt/caspida/bin/Caspida start-containers
Stop and start the Splunk UBA data sources. Run the following command on the management node: 
/opt/caspida/bin/Caspida stop-datasources
/opt/caspida/bin/Caspida start-datasources
Check the version number of your Splunk UBA packages. Run the following command on Ubuntu systems: 
wget --version

Run the following command on other supported Linux systems: 

rpm -qa | grep wget
Get a list of the nodes in your Splunk UBA cluster. 
grep caspida.cluster.nodes /opt/caspida/conf/deployment/caspida-deployment.conf
Last modified on 08 April, 2021
PREVIOUS
Determine which version of Splunk UBA you are running 		  NEXT
Manage Splunk UBA configuration properties in the uba-site.properties file

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters