#!/bin/bash echo $(date "+%F %T") warns=$(/opt/splunk/bin/splunk list licenser-messages -auth username:password |grep license_window -A4|grep WARN|wc -l) if [ $warns -gt 3 ];then installflag=1 /opt/splunk/bin/splunk stop rpm -e splunk-6.1.3-220630 ls /opt/splunk/ |egrep -v "etc|var" |xargs rm -rf cd /opt/splunk/var/lib/splunk/ rm -rf `ls /opt/splunk/var/lib/splunk/|grep -v your_index` rpm -ivh /root/sh/splunk-6.1.3-220630-linux-2.6-x86_64.rpm expect <<EOF spawn /opt/splunk/bin/splunk start expect "" send "q\r" expect "" send "y\r" expect "" send "y\r" expect eof EOF /opt/splunk/bin/splunk restart echo current warns $warns overload echo "Reinstall is successful!" else echo current warns $warns, or password is wrong! fi
crontab -e
0 1 * * * /root/sh/splunk_reinstall.sh >> /tmp/splunk_reinstall.log 2>&1
由于splink index有500MB限制(超过500MB)只能用5天,so,每4天重装一次(索引保留),这样每天都超500MB,但一直不超过5天
本文出自 “周发永” 博客,谢绝转载!
原文地址:http://zhoufayong.blog.51cto.com/866021/1636535
