Application Management
Refer to the following sections for queries related to application management.
Remove the Application
Follow these steps to remove the application.
- Stop Qualys App for Splunk Enterprise:
$SPLUNK_HOME/bin/splunk stop - Remove Qualys App for Splunk Enterprise:
$SPLUNK_HOME/bin/splunk remove app TA-QualysCloudPlatform -auth username:password
To remove the TA app from Splunk Cloud, raise a ticket with Splunk Support.
Utility Script to Clean up Left-over XML and PID Files
Sometimes orphan XML files are found in TA-DIR/tmp directory when errors occur in TA such as calling API, getting response stream or parsing API response. When running the utility, you can use command line options to specify input data for cleaning up XML files. The utility deletes all XML files related to selected data inputs, except those associated with running TA processes.
Example 1
Help: Use the following command to learn how to use the utility script for specific data inputs.
my-user@my-host:$SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform# $SPLUNK_HOME/bin/splunk cmd python ./bin/cleanup.py --help
Example 2
Delete Host Detection and WAS Findings XML
my-user@my-host:$SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform# $SPLUNK_HOME/bin/splunk cmd python ./bin/cleanup.py --hd --was
Example 3
Delete XML files belonging to all data inputs
my-user@my-host:$SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform# $SPLUNK_HOME/bin/splunk cmd python ./bin/cleanup.py --all
Know Important File Paths in Splunk
|
File |
Path |
|---|---|
|
Index |
$SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform/default/eventtype.conf |
|
KB lookup |
$SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform/lookups/qualys_kb.csv |
|
API Credential |
$SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform/local/passwords.conf |
|
Qualys TA Configuration |
$SPLUNK_HOME/etc/apps/TA-QualysCloudPlatform/local/qualys.conf |
|
Qualys TA log |
$SPLUNK_HOME/var/log/splunk/ta_QualysCloudPlatform.log |
|
Check point |
$SPLUNK_HOME/var/lib/splunk/modinputs/qualys |