Security Offerings

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS About This Site Community Support Supported Add-ons

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS About This Site Community Support Supported Add-ons

Documentation

Security Offerings

Security Offerings Contents

Splunk Asset and Risk Intelligence

Splunk Attack Analyzer

Splunk User Behavior Analytics

Administer

Start and stop Splunk UBA services from the command line

You can use some common command line interface (CLI) commands to perform the following administrative tasks in Splunk UBA:

Note: You must be logged in to the Splunk UBA management node as the caspida user to run these commands.


Task	CLI Commands
Stop and start the Splunk UBA web interface.	Run the following commands on the management node: `sudo service caspida-ui stop sudo service caspida-ui start`
Stop and start the resource monitor services.	Run the following commands on the management node: `sudo service caspida-resourcesmonitor stop sudo service caspida-resourcesmonitor start` You can also `tail` the resource monitor log files to help you troubleshoot: `tail -f /var/log/caspida/monitor/resourcesMonitor.out`
Synchronize configuration changes to all nodes in a distributed deployment.	In any distributed deployment, changes to the `/etc/caspida/local/conf/uba-site.properties` file must be synchronized to all nodes in the cluster. To do this, run the following command on the management node: `/opt/caspida/bin/Caspida sync-cluster /etc/caspida/local/conf` For information on setting Splunk UBA configuration properties, see Manage Splunk UBA configuration properties in the uba-site.properties file .
Stop and start Splunk UBA services only on all nodes. The following services are stopped: kafka-server caspida-jobmanager caspida-eventstore caspida-outputconnector caspida-jobagent caspida-ui caspida-offlinerulexec caspida-realtimetuleexec caspida-resourcemonitor caspida-sysmon spark-master spark-worker spark-history	Run the following command on the management node: `/opt/caspida/bin/Caspida stop /opt/caspida/bin/Caspida start`
Stop and start Splunk UBA services (listed with the `/opt/caspida/bin/Caspida stop/start` command) and all dependent platform services on all nodes: zookeeper-server hadoop-hdfs-namenode hadoop-hdfs-datanode hadoop-hdfs-secondarynamenode influxdb postgresql redis-server hive-metastore impala-state-store impala-catalog impala-server docker kubelet	Run the following command on the management node: `/opt/caspida/bin/Caspida stop-all /opt/caspida/bin/Caspida start-all`
Stop and start the Splunk UBA containers.	Run the following command on the management node: `/opt/caspida/bin/Caspida stop-containers /opt/caspida/bin/Caspida start-containers`
Stop and start the Splunk UBA data sources.	Run the following command on the management node: `/opt/caspida/bin/Caspida stop-datasources /opt/caspida/bin/Caspida start-datasources`
Check the version number of your Splunk UBA packages.	Run the following command on Ubuntu systems: `wget --version` Run the following command on other supported Linux systems: `rpm -qa \| grep wget`
Get a list of the nodes in your Splunk UBA cluster.	`grep caspida.cluster.nodes /opt/caspida/conf/deployment/caspida-deployment.conf`

Product Guides

User Behavior Analytics

Last updated: April 30, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

About This Site

Community Support

Supported Add-ons

©2005-2025 Splunk Inc. All rights reserved.