Using Splunk from the command line

Almost everything that can be done via the web interface can also be accomplished via the command line. For an overview, see the output of /opt/splunk/bin/splunk help. For help on a specific command, use /opt/splunk/bin/splunk help [commandname].
The most common action to perform on the command line is search. For example, have a look at the following code:

    $ /opt/splunk/bin/splunk search 'foo'
    2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
    2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
    2012-08-25T20:17:54 user=user2 GET /foo?q=7148356 uid=MzA4MTc5OA
    ...
Things to note:

- By default, searches are performed over All time. Protect yourself by including earliest=-1d or an appropriate time range in your query.
- By default, Splunk will only output 100 lines of results. If you need more, use the -maxout flag.
- Search requires authentication, so the user will be asked to authenticate unless -auth is included as an argument.
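The three notes above can be folded into a small wrapper so that an ad-hoc search never runs over All time and never silently stops at 100 lines. This is an added example, not code from the page or from Splunk; it assumes Splunk is installed under $SPLUNK_HOME (defaulting to /opt/splunk) and that credentials, if supplied at all, arrive in the SPLUNK_AUTH variable as user:password.

```shell
#!/bin/sh
# Added example: wrap "splunk search" with a time bound, an explicit result cap
# and optional -auth. SPLUNK_HOME and SPLUNK_AUTH are assumed names, not Splunk's own.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# has_time_bound QUERY -> exit status 0 if the query already carries earliest=...
has_time_bound() {
    case "$1" in
        *earliest=*) return 0 ;;
        *)           return 1 ;;
    esac
}

# bounded_query QUERY [EARLIEST] -> prints QUERY, prepending earliest=EARLIEST
# (default -1d) when the caller gave no time bound of their own.
bounded_query() {
    query="$1"
    earliest="${2:--1d}"
    if has_time_bound "$query"; then
        printf '%s\n' "$query"
    else
        printf 'earliest=%s %s\n' "$earliest" "$query"
    fi
}

# search_cmdline QUERY [MAXOUT] -> prints the command that safe_search would run,
# without credentials, so it can be logged or reviewed before execution.
search_cmdline() {
    printf "%s search '%s' -maxout %s\n" \
        "$SPLUNK_HOME/bin/splunk" "$(bounded_query "$1")" "${2:-100}"
}

# safe_search QUERY [MAXOUT] -> runs the bounded search. If SPLUNK_AUTH is unset,
# Splunk prompts interactively, which keeps the password out of the process
# list (anything passed via -auth is readable by other local users in ps output).
safe_search() {
    q="$(bounded_query "$1")"
    maxout="${2:-100}"
    if [ -n "${SPLUNK_AUTH:-}" ]; then
        "$SPLUNK_HOME/bin/splunk" search "$q" -maxout "$maxout" -auth "$SPLUNK_AUTH"
    else
        "$SPLUNK_HOME/bin/splunk" search "$q" -maxout "$maxout"
    fi
}

# Usage: sh this_script.sh 'user=user2 GET' 500
if [ -n "${1:-}" ] && [ -x "$SPLUNK_HOME/bin/splunk" ]; then
    search_cmdline "$1" "${2:-}" >&2
    safe_search "$1" "${2:-}"
fi
```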
Most use...