All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Running splunk command returns no output

gekoner
Communicator
‎09-19-2011 07:37 PM

V4.1.6 - When running a batch command 'splunk list forwarder-server' as the splunk service, which is running as LocalSystem.
No error are returned, it just doesn't output anything either to the screen or to a file, unless I run the batch as a users with an interactive session.
Other splunk commands run without issue.

Does anyone have a good work around for this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gekoner
Communicator
‎11-08-2011 03:09 PM

This command is not supported from a non-interactive session. You must be logged in as a user to run this command. if I was running my LFC as a user account in the Windows Service this would work. But since Splunk is running as Local System, it doesn't produce any output. This is a security "feature", but the funny thing is other Splunk commands are allowed, so I'm not sure why this and other outputs are not allowed.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gekoner
Communicator
‎11-08-2011 03:09 PM

This command is not supported from a non-interactive session. You must be logged in as a user to run this command. if I was running my LFC as a user account in the Windows Service this would work. But since Splunk is running as Local System, it doesn't produce any output. This is a security "feature", but the funny thing is other Splunk commands are allowed, so I'm not sure why this and other outputs are not allowed.

0 Karma
Reply
Solved! Jump to solution

MBerikcurtis
Path Finder
‎09-20-2011 01:03 PM

using netstat from a command prompt, do you see the forwarder ports open? default is 9997.

0 Karma
Reply
Solved! Jump to solution

gekoner
Communicator
‎09-21-2011 09:18 AM

I see the LFC communicating to the Indexer on 9997 (Foreign Address). I don't see the client listing on 9997 (Local Address). If you thought the issue was that the client isn't communicating to the indexer, that isn't my issue. See my post. It is just this command not producing output, not locally to a file or ECHO to the screen.

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...