Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Do splunk commands send output to stdout?

tsheets13
Communicator
‎10-09-2019 11:48 AM

When you run ‘splunk status’ or ‘splunk start’ etc., is the output sent to stdout? I’m working with an automations script, and while commands like ‘ls -la’ return the resulting text, for some reason, splunk commands do not.

Tags (1)
0 Karma
Reply

MuS
Legend
‎10-09-2019 12:22 PM

Hi tsheets13,

Yes, the splunk command sends output to stdout. You can try this for the status option:

splunk@crux:~$ /opt/splunk/bin/splunk status 1> /tmp/foo
splunk@crux:~$ cat !$
cat /tmp/foo
splunkd is running (PID: 2431).
splunk helpers are running (PIDs: 2432 2621 4649 4682).
splunk@crux:~$

But i found that the restart option works best when using | tee instead:

splunk@crux:/opt/splunk/var/log/splunk$ /opt/splunk/bin/splunk restart | tee /tmp/foo
Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...

Done.

Splunk> Like an F-18, bro.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at https://127.0.0.1:8000 to be available........... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at https://crux:8000

and the output looks like this:

splunk@crux:/opt/splunk/var/log/splunk$ cat !$
cat /tmp/foo
Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...

Done.

Splunk> Like an F-18, bro.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at https://127.0.0.1:8000 to be available........... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at https://crux:8000

splunk@crux:/opt/splunk/var/log/splunk$

Hope this helps ...

cheers, MuS

Reply

jacobpevans
Motivator
‎10-09-2019 12:00 PM

Greetings @tsheets13,

At least on Windows, it does. I also know (Windows only, unsure of *nix, but can't imagine it's different) that simply outputting text is read by scripted batch files.

splunk status 1> d:\status.txt works.

Cheers,
Jacob

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Security Professional: Sharpen Your Defenses with These .conf25 Sessions

Sooooooooooo, guess what. .conf25 is almost here, and if you're on the Security Learning Path, this is your ...

First Steps with Splunk SOAR

Our first step was to gather a list of the playbooks we wanted and to sort them by priority.  Once this list ...

How To Build a Self-Service Observability Practice with Splunk Observability Cloud

If you’ve read our previous post on self-service observability, you already know what it is and why it ...
Top