https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651453#M225221 <P>Hi</P><P>when you are running commands from cron, you must remember that there is no sourced environments. Usually you should use some wrapped script to:</P><OL><LI>source your user's shell environment including env vars + etc.</LI><LI>run your commands / scripts with full paths!</LI></OL><P>In your case this means e.g.</P><LI-CODE lang="markup">#!/bin/bash source ~&lt;your user&gt;/.bash_login source ~&lt;your user&gt;/.bashrc cd &lt;where ever you thing you should be&gt; /opt/splunk/bin/splunk .....</LI-CODE><P>Of course you should add needed error checks after commands etc.</P><P>r. Ismo&nbsp;</P> Fri, 21 Jul 2023 10:39:58 GMT isoutamo 2023-07-21T10:39:58Z https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651444#M225218 <P>I'm new to Splunk Enterprise, and my task is to forward logs from Splunk HF (AWS EC2 instance) to an AWS Cloud Watch log group.</P> <P>I tried to export the logs using CLI commands and stored them on the Splunk HF server locally. Then, I used the Cloud Watch agent to send the logs to the Cloud Watch log group.</P> <P>please refer the below Splunk cli command for export the logs</P> <P>#./splunk search "index::***** sourcetype::linux_audit" -output rawdata -maxout 0 -max_time 5 -auth splunk:***** &gt;&gt; /opt/linux-Test01.log</P> <P>The challenge I'm facing is that when I run the CLI command using a Linux crontab, it does not export the logs.</P> <P>Are there any other solutions or guidance available to resolve this issue?</P> Fri, 21 Jul 2023 17:53:34 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651444#M225218 sarvananth 2023-07-21T17:53:34Z https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651453#M225221 <P>Hi</P><P>when you are running commands from cron, you must remember that there is no sourced environments. Usually you should use some wrapped script to:</P><OL><LI>source your user's shell environment including env vars + etc.</LI><LI>run your commands / scripts with full paths!</LI></OL><P>In your case this means e.g.</P><LI-CODE lang="markup">#!/bin/bash source ~&lt;your user&gt;/.bash_login source ~&lt;your user&gt;/.bashrc cd &lt;where ever you thing you should be&gt; /opt/splunk/bin/splunk .....</LI-CODE><P>Of course you should add needed error checks after commands etc.</P><P>r. Ismo&nbsp;</P> Fri, 21 Jul 2023 10:39:58 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651453#M225221 isoutamo 2023-07-21T10:39:58Z https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651858#M225328 <P>Hi R.Ismo,</P><P>&nbsp;</P><P>yes, it is working fine, and thank you very much for your help.<BR />Is it possible to export the logs last 5 minutes using a CLI command?</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 25 Jul 2023 09:50:37 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651858#M225328 sarvananth 2023-07-25T09:50:37Z https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651864#M225330 <P>Basically just …/splunk search ….just check correct syntax from docs. Thera are also defined output format etc. you should remember that some events could come later, so if you just export all events from last 5min you probably miss some….</P> Tue, 25 Jul 2023 10:35:59 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-HF-exports-logs-using-a-CLI-command-as-a-Linux-crontab/m-p/651864#M225330 isoutamo 2023-07-25T10:35:59Z