https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124822#M25721 <P>Hi,<BR /> I have a requirement to execute a query on different SPlunk instances (different environmet). Adding them as search peer is not an options (limitation), hence I was wondering if we have any options, either REST command or using command line, to execute a search on a remote Splunk instance and get the search result.</P> <P>If it can be done by REST, I may be able to automate the same.</P> <P>Thanks in advanced.</P> Thu, 31 Oct 2013 20:12:01 GMT somesoni2 2013-10-31T20:12:01Z https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124822#M25721 <P>Hi,<BR /> I have a requirement to execute a query on different SPlunk instances (different environmet). Adding them as search peer is not an options (limitation), hence I was wondering if we have any options, either REST command or using command line, to execute a search on a remote Splunk instance and get the search result.</P> <P>If it can be done by REST, I may be able to automate the same.</P> <P>Thanks in advanced.</P> Thu, 31 Oct 2013 20:12:01 GMT https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124822#M25721 somesoni2 2013-10-31T20:12:01Z https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124823#M25722 <P>What exactly is the limitation that makes you unable to add the remote instances as search peers? The search head will be communicating with its search peers solely through the REST API, so...</P> <P>Otherwise you could either query the remote instance simply by issuing a search through the splunk CLI, by adding the <CODE>uri</CODE> parameter:</P> <PRE><CODE>$SPLUNK_HOME/bin/splunk search 'yoursearch' -uri 'https://remoteinstance:8089/' </CODE></PRE> <P>Or you could use one of the existing SDK's to issue searches via the REST API.</P> Thu, 31 Oct 2013 20:22:20 GMT https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124823#M25722 Ayn 2013-10-31T20:22:20Z https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124824#M25723 <P>This can certainly be accomplished via the <A href="http://dev.splunk.com/view/rest-api-overview/SP-CAAADP8">Splunk REST API</A>.</P> <P>And we have <A href="http://dev.splunk.com/view/sdks/SP-CAAADP7">several language SDKs</A> with comprehensive searching examples to make it easier to do this.</P> Thu, 31 Oct 2013 20:23:32 GMT https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124824#M25723 Damien_Dallimor 2013-10-31T20:23:32Z https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124825#M25724 <P>how do i export the above results to a text or csv?</P> Thu, 26 May 2016 22:47:03 GMT https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124825#M25724 shivarpith 2016-05-26T22:47:03Z https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124826#M25725 <P>I made a search command to do it easily.</P> <P>Probably too late for this issue, but maybe someone will find it helpful and simpler than using the REST API directly:<BR /> <A href="https://github.com/omerl13/remote-splunk-search">https://github.com/omerl13/remote-splunk-search</A></P> <P>Usage will be like: </P> <PRE><CODE>| remote host="mysplunk2.com" query="index=main | head 50 | table _time host _raw" username="user" password="changeme" </CODE></PRE> <P>(Tokens are also supported)</P> Tue, 01 Oct 2019 17:31:55 GMT https://community.splunk.com/t5/Getting-Data-In/Executing-search-query-on-a-remote-Splunk-Instance-may-be-using/m-p/124826#M25725 omerl 2019-10-01T17:31:55Z