Splunk Searches from the command line not on a search head

daniel333
Builder

All,

Is it possible to run a search from the command line (Linux) from just a random host on my network? Let's say I have a custom script that runs on a host and I'd like that script to take a certain action based on a count of a result from a search.

So I guess I am wondering if the universal forwarder can send searches back to the search head and return the results. If not, is there a way to handle this problem anyone is aware of?

0 Karma

kristian_kolb
Ultra Champion

Don't know if you can do it from a forwarder, but you certainly can from a full Splunk:

http://docs.splunk.com/Documentation/Splunk/latest/Admin/AccessandusetheCLIonaremoteserver
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/AboutCLIsearches

Requires that you have the proper (not default) credentials though.

/K

0 Karma

Ayn
Legend

If you make sure that the host can access port 8089 on the Splunk instance you want to search on, then sure! You can issue a search like this:

splunk search 'your search' -uri https://thesplunkinstancetosearch:8089

(standing in $SPLUNK_HOME/bin, or having it in your path)

kristian_kolb
Ultra Champion

damn my slow editing 🙂

0 Karma
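
The scenario from the question (a script on an arbitrary host acting on a search count), as an added example that is not part of the thread. It uses curl against the REST search endpoint on the same management port 8089 instead of the splunk CLI, so the host needs no Splunk install; the token file, CA path, query and threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Host, file paths, query and threshold are
# assumptions (hypothetical values); adjust them for your environment.
SPLUNK_URI="${SPLUNK_URI:-https://thesplunkinstancetosearch:8089}"
CA_FILE="${CA_FILE:-/etc/ssl/certs/splunk-ca.pem}"
TOKEN_FILE="${TOKEN_FILE:-/etc/myscript/splunk.token}"

# Accept only a regular file with no group/other permission bits set.
token_file_ok() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run a search over the management port. TLS is verified against CA_FILE, and
# the token reaches curl on stdin (-K -) so it never shows up in the process list.
run_search() {
    token_file_ok "$TOKEN_FILE" || { echo "token file missing or too open" >&2; return 2; }
    IFS= read -r token < "$TOKEN_FILE" || [ -n "$token" ] || return 2
    printf 'header = "Authorization: Bearer %s"\n' "$token" |
        curl --silent --show-error --fail --max-time 60 --cacert "$CA_FILE" -K - \
             --data-urlencode "search=$1" --data "output_mode=csv" \
             "$SPLUNK_URI/services/search/jobs/export"
}

# Pull the integer out of CSV such as "count" / "17". Anything that is not a
# plain integer is an error, so an error page is never mistaken for a count.
parse_count() {
    last=$(printf '%s\n' "$1" | tr -d '\r"' | awk 'NF { l = $0 } END { print l }')
    case "$last" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$last"
}

# True when the count is strictly greater than the threshold.
over_threshold() { [ "$1" -gt "$2" ]; }

check_and_act() {
    out=$(run_search "$1") || return 2
    count=$(parse_count "$out") || { echo "unexpected reply from Splunk" >&2; return 2; }
    if over_threshold "$count" "$2"; then
        echo "count=$count exceeds $2: taking action"   # hook the real action here
    else
        echo "count=$count within limit"
    fi
}
# Usage: check_and_act 'search index=main error earliest=-15m | stats count' 100
```

Over REST the query string must start with `search` (or a leading `|`). A dedicated low-privilege Splunk account for the token keeps the blast radius small if the host is compromised.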