Almost everything that can be done via the web interface can also be accomplished via the command line. For an overview, see the output of /opt/splunk/bin/splunk help. For help on a specific command, use /opt/splunk/bin/splunk help [commandname].
The most common action performed on the command line is search. For example, have a look at the following code:

    $ /opt/splunk/bin/splunk search 'foo'
    2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
    2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
    2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
The things to note here are:

- By default, searches are performed over All time. Protect yourself (and the indexers) by including earliest=-1d or an appropriate time range in your query; an unbounded search over a large index can run for a very long time.
- By default, Splunk will only output 100 lines of results. If you need more, use the -maxout flag.
- Searches require authentication, so the user will be prompted to authenticate unless -auth is included as an argument. Bear in mind that anything passed via -auth on the command line is visible to other local users in the process list and is recorded in shell history, so prefer an interactive prompt or a cached session for anything beyond a one-off test.
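The following wrapper, added here as an example and not part of Splunk or of the original text, puts the three points above into practice: it prepends earliest=-1d when the query carries no time bound, sets an explicit -maxout, and deliberately never places -auth credentials on the command line. The function names, the SPLUNK_HOME default and the DRY_RUN switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example: thin wrapper around "splunk search" enforcing a time range
# and an explicit result limit. Function names and defaults are assumptions.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"   # assumed default install path

# Succeed if the query already carries a time bound (earliest= or latest=),
# so a range the user chose deliberately is left alone.
has_time_bound() {
    case "$1" in
        *earliest=*|*latest=*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the query, prefixed with earliest=-1d when no time bound is present.
guard_time_range() {
    if has_time_bound "$1"; then
        printf '%s\n' "$1"
    else
        printf 'earliest=-1d %s\n' "$1"
    fi
}

# Run the search. $1 = search string, $2 = maximum results (default 1000).
# Credentials are intentionally NOT passed with -auth: a password on the
# command line shows up in "ps" for every local user and in shell history.
# Authenticate interactively when prompted (or use a cached CLI session).
# With DRY_RUN=1 the command is printed instead of executed, so this can be
# inspected on a machine without Splunk installed.
splunk_search() {
    query=$(guard_time_range "$1")
    maxout="${2:-1000}"
    set -- search "$query" -maxout "$maxout"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s' "$SPLUNK_HOME/bin/splunk"
        for a in "$@"; do printf " '%s'" "$a"; done
        printf '\n'
    else
        "$SPLUNK_HOME/bin/splunk" "$@"
    fi
}

# Demonstration (dry run): the first call gets earliest=-1d added, the
# second keeps the range the caller supplied and raises the result cap.
DRY_RUN=1 splunk_search 'foo'
DRY_RUN=1 splunk_search 'foo earliest=-4h latest=now' 5000
```

Drop DRY_RUN to actually run the search; the CLI will prompt for credentials once per invocation, which is the intended trade-off here against leaking them through the process table.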
Most...