All,
Is it possible to run a search from the command line (Linux) from just a random host on my network? Let's say I have a custom script that runs on a host and I'd like that script to take a certain action based on a count of a result from a search.
So I guess I am wondering if the universal forwarder can send searches back to the search head and return the results. If not, is there a way to handle this problem anyone is aware of?
Don't know if you can do it from a forwarder, but you certainly can from a full Splunk:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/AccessandusetheCLIonaremoteserver
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/AboutCLIsearches
Requires that you have the proper (not default) credentials though.
/K
If you make sure that the host can access port 8089 on the Splunk instance you want to search on, then sure! You can issue a search like this:
splunk search 'your search' -uri https://thesplunkinstancetosearch:8089
(standing in $SPLUNK_HOME/bin, or having it in your path)
damn my slow editing 🙂
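The two answers combined into the script the question asks for, as an added example that is not from any poster in this thread: it runs a remote CLI search, extracts the count, and acts on a threshold. The search string, the threshold, the /opt/splunk default path and the SPLUNK_URI / SPLUNK_AUTH variable names are assumptions, and it presumes the calling host has a Splunk CLI that can reach port 8089 on the target.

```shell
#!/bin/sh
# Added example. Assumed, not from the thread: the search string, THRESHOLD,
# and the SPLUNK_URI / SPLUNK_AUTH environment variables.
SPLUNK_BIN="${SPLUNK_HOME:-/opt/splunk}/bin/splunk"
SPLUNK_URI="${SPLUNK_URI:-https://thesplunkinstancetosearch:8089}"
THRESHOLD="${THRESHOLD:-10}"

# Read CLI output on stdin and print the last line that is only digits
# (skips a header row, a dashed separator, padding). Exit 1 if none is found,
# e.g. when the CLI printed a login or connection error instead.
parse_count() {
    awk '{ gsub(/^[ \t]+|[ \t\r]+$/, "") }
         /^[0-9]+$/ { n = $0; found = 1 }
         END { if (!found) exit 1; print n }'
}

# Exit 0 when count >= limit, 1 when below, 2 when either is not an integer.
over_threshold() {
    case "$1$2" in *[!0-9]*) return 2 ;; esac
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" -ge "$2" ]
}

# -auth takes user:password. Use a dedicated search-only account rather than
# an admin login; the value is visible in the local process list while running.
run_search() {
    "$SPLUNK_BIN" search "$1" -uri "$SPLUNK_URI" \
        -auth "${SPLUNK_AUTH:?set SPLUNK_AUTH to user:password}" \
        -preview false -header false
}

main() {
    count=$(run_search 'index=main error earliest=-15m | stats count' | parse_count) || {
        echo "search failed or returned no count" >&2
        return 3
    }
    if over_threshold "$count" "$THRESHOLD"; then
        echo "count=$count >= $THRESHOLD: taking action"   # hook the real action here
    else
        echo "count=$count < $THRESHOLD: nothing to do"
    fi
}

# Call as: ./check_count.sh run
case "${1:-}" in run) main ;; esac
```

Treating "no numeric line" as a failure rather than as zero keeps an authentication or connectivity error from being read as "nothing found".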