Start and stop Splunk UBA services from the command line
You can use some common command line interface (CLI) commands to perform the following administrative tasks in Splunk UBA:
You must be logged in to the Splunk UBA management node as the caspida user to run these commands.
Task | CLI Commands |
---|---|
Stop and start the Splunk UBA web interface. | Run the following commands on the management node:<br>`sudo service caspida-ui stop`<br>`sudo service caspida-ui start` |
Stop and start the resource monitor services. | Run the following commands on the management node:<br>`sudo service caspida-resourcesmonitor stop`<br>`sudo service caspida-resourcesmonitor start`<br>You can also run `tail -f /var/log/caspida/monitor/resourcesMonitor.out` |
Synchronize configuration changes to all nodes in a distributed deployment. | In any distributed deployment, changes to the `/etc/caspida/local/conf/uba-site.properties` file must be synchronized to all nodes in the cluster. To do this, run the following command on the management node:<br>`/opt/caspida/bin/Caspida sync-cluster /etc/caspida/local/conf`<br>For information on setting Splunk UBA configuration properties, see Manage Splunk UBA configuration properties in the uba-site.properties file. |
Stop and start Splunk UBA services only on all nodes. The following services are stopped: | Run the following commands on the management node:<br>`/opt/caspida/bin/Caspida stop`<br>`/opt/caspida/bin/Caspida start` |
Stop and start Splunk UBA services (listed with the `/opt/caspida/bin/Caspida stop/start` command) and all dependent platform services on all nodes: | Run the following commands on the management node:<br>`/opt/caspida/bin/Caspida stop-all`<br>`/opt/caspida/bin/Caspida start-all` |
Stop and start the Splunk UBA containers. | Run the following commands on the management node:<br>`/opt/caspida/bin/Caspida stop-containers`<br>`/opt/caspida/bin/Caspida start-containers` |
Stop and start the Splunk UBA data sources. | Run the following commands on the management node:<br>`/opt/caspida/bin/Caspida stop-datasources`<br>`/opt/caspida/bin/Caspida start-datasources` |
Check the version number of your Splunk UBA packages. | Run the following command on Ubuntu systems:<br>`wget --version`<br>Run the following command on other supported Linux systems:<br>`rpm -qa \| grep wget` |
Get a list of the nodes in your Splunk UBA cluster. | `grep caspida.cluster.nodes /opt/caspida/conf/deployment/caspida-deployment.conf` |
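
The sync-cluster and node-list commands above can be combined into a post-sync drift check. The following script is an added example, not part of the Splunk documentation: it reads the node list and compares the SHA-256 of `uba-site.properties` on each node with the management node's copy. It assumes that the `caspida.cluster.nodes` value is a comma-separated list and that the caspida user can ssh to every node without a prompt; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm uba-site.properties is identical on every node after
# running Caspida sync-cluster. Assumptions, not from the page: the
# caspida.cluster.nodes value is comma-separated, and the caspida user can
# ssh to each node non-interactively.
DEPLOY_CONF=/opt/caspida/conf/deployment/caspida-deployment.conf
SITE_PROPS=/etc/caspida/local/conf/uba-site.properties

# Print one node per line from the caspida.cluster.nodes entry in file $1.
cluster_nodes() {
    grep '^[[:space:]]*caspida\.cluster\.nodes[[:space:]]*=' "$1" | tail -n 1 |
        cut -d= -f2- | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$'
}

# Read "node hash" lines on stdin; $1 is the reference hash.
# Print every node whose hash differs or is missing; return 1 on any drift.
drifted_nodes() {
    awk -v ref="$1" '($2 "") != (ref "") { print $1; bad = 1 }
                     END { exit bad + 0 }'
}

# Emit "node hash" for each cluster node; the hash is empty if ssh fails.
collect_hashes() {
    for node in $(cluster_nodes "$DEPLOY_CONF"); do
        hash=$(ssh -o BatchMode=yes "$node" sha256sum "$SITE_PROPS" \
                   2>/dev/null | cut -d' ' -f1)
        printf '%s %s\n' "$node" "$hash"
    done
}

# The live check runs only with --check, so loading the functions is harmless.
if [ "${1:-}" = "--check" ]; then
    [ "$(id -un)" = "caspida" ] || { echo "run as the caspida user" >&2; exit 2; }
    ref=$(sha256sum "$SITE_PROPS" | cut -d' ' -f1)
    if drift=$(collect_hashes | drifted_nodes "$ref"); then
        echo "uba-site.properties matches on all nodes"
    else
        echo "out of sync, run sync-cluster again for:" $drift >&2
        exit 1
    fi
fi
```

Run the script with `--check` on the management node after `sync-cluster`; a non-zero exit status means at least one node is unreachable or holds a different copy of the file.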
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.4.1