Almost everything that can be done via the web interface can also be accomplished via the command line. For an overview, see the output of /opt/splunk/bin/splunk help. For help on a specific command, use /opt/splunk/bin/splunk help [commandname].
The most common action performed on the command line is search. For example, have a look at the following command and its output:

$ /opt/splunk/bin/splunk search 'foo'
2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
The things to note here are as follows:
- By default, searches are performed over All time, which on a large index is slow and expensive. Protect yourself by including earliest=-1d or an appropriate time range in your query.
- By default, Splunk will only output 100 lines of results. If you need more, use the -maxout flag.
- Searches require authentication, so the user will be asked to authenticate unless -auth is included as an argument...