What's the least installed to allow remote execution of CLI?

jchensor
Communicator

Hello, all!

As a "TL;DR" to get right to the point, my main question is this:

What is the minimum needed to be installed on a machine to be able to remotely execute the Splunk CLI on another machine, such as on a Splunk Search Head?

For the whole story:

I am currently trying to execute the Splunk CLI remotely. I have tested it from a machine with Splunk installed on it (a Deployment Server box) and am able to execute the command remotely just fine.

However, the user that needs this has only access to machines with a Splunk Universal Forwarder. So when I try to execute the command there, I get the message:

"The object 'search' is not supported on this installation."

So it seems as though a Universal Forwarder does not have the capabilities to execute this command. This makes sense as the Forwarder has no search capabilities, though I am just Forwarding the command to a remote machine. However, on this page of Splunk Docs:

http://docs.splunk.com/Documentation/Splunk/latest/Developer/UseRemoteCLI

It says:

"You can also use the CLI, remotely. You can even do this from a server that isn't running Splunk."

That sounds like they mean I can execute this on a machine that doesn't even have Splunk on it! However, I do believe what they really mean is "a machine with Splunk installed, but not necessarily with the Splunk Service / Web running." Then, later in the same page, it says:

"If you are running Splunk Free (no login credentials), remote access is disabled by default and..."

I assume that by "Splunk Free" they are referring to just installing Standalone Splunk with no license, correct? There's no other version of Splunk other than Splunk itself and the lighter weight Universal Forwarder, correct?

So again, back to the main question: what is the minimum needed to be installed onto a machine to allow myself to execute a remote Splunk CLI on, say, a Search Head?

And for now, I am assuming the answer is: an entire instance of Splunk Standalone must be installed. Is this correct?

Thanks!

- James
1 Solution

RubenOlsen
Path Finder

At a client site we have solved this as you assume: A full standalone version of Splunk.

We have not bothered to spend any time with removing code from the standalone version just to minimize the number of files / disk space for running remote Splunk CLI sessions. However - I guess you could try to rip away most of the files and still get the CLI to work properly.

\Ruben

0 Karma

Leo
Splunk Employee

You may take a look at this app: Web Terminal for Splunk. With it you will be able to work with Splunk CLI on the remote server right through your browser. It will save you from installing the full version of Splunk just for this simple task.

0 Karma
