Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Do splunk commands send output to stdout?

tsheets13
Path Finder
โ€Ž10-09-2019 11:48 AM

When you run โ€˜splunk statusโ€™ or โ€˜splunk startโ€™ etc., is the output sent to stdout? Iโ€™m working with an automations script, and while commands like โ€˜ls -laโ€™ return the resulting text, for some reason, splunk commands do not.

Tags (1)
0 Karma
Reply

MuS
SplunkTrust
SplunkTrust
โ€Ž10-09-2019 12:22 PM

Hi tsheets13,

Yes, the splunk command sends output to stdout. You can try this for the status option:

splunk@crux:~$ /opt/splunk/bin/splunk status 1> /tmp/foo
splunk@crux:~$ cat !$
cat /tmp/foo
splunkd is running (PID: 2431).
splunk helpers are running (PIDs: 2432 2621 4649 4682).
splunk@crux:~$

But i found that the restart option works best when using | tee instead:

splunk@crux:/opt/splunk/var/log/splunk$ /opt/splunk/bin/splunk restart | tee /tmp/foo
Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...

Done.

Splunk> Like an F-18, bro.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at https://127.0.0.1:8000 to be available........... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at https://crux:8000

and the output looks like this:

splunk@crux:/opt/splunk/var/log/splunk$ cat !$
cat /tmp/foo
Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...

Done.

Splunk> Like an F-18, bro.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at https://127.0.0.1:8000 to be available........... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at https://crux:8000

splunk@crux:/opt/splunk/var/log/splunk$

Hope this helps ...

cheers, MuS

Reply

jacobevans
Motivator
โ€Ž10-09-2019 12:00 PM

Greetings @tsheets13,

At least on Windows, it does. I also know (Windows only, unsure of *nix, but can't imagine it's different) that simply outputting text is read by scripted batch files.

splunk status 1> d:\status.txt works.

Cheers,
Jacob

Cheers,
Jacob
0 Karma
Reply