Archive

Can you use a CLI Search with Splunk Free?

Communicator

Hi, I have a Splunk Free Windows box and I want to run something like this in Splunk Free CLI:

splunk search 'index=main' -index_eariest -5m

However, the CMD returns a blank line. Is this possible in Splunk Free, please?

0 Karma

Builder

I am current running in my personal box, the splunk enterprise free license and I am able to run searches. You have to login with admin user to be able to run the search from CLI.
Try something like this:

./splunk search 'index=main' -index_earliest -5m@m -index_latest @m

I believe what is missing is the "-index_latest " parameter
check this link with the commands/syntax:
https://docs.splunk.com/Documentation/Splunk/8.0.0/SearchReference/CLIsearchsyntax#Examples

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!