Archive

Do splunk commands send output to stdout?

Path Finder

When you run ‘splunk status’ or ‘splunk start’ etc., is the output sent to stdout? I’m working with an automations script, and while commands like ‘ls -la’ return the resulting text, for some reason, splunk commands do not.

Tags (1)
0 Karma

SplunkTrust
SplunkTrust

Hi tsheets13,

Yes, the splunk command sends output to stdout. You can try this for the status option:

splunk@crux:~$ /opt/splunk/bin/splunk status 1> /tmp/foo
splunk@crux:~$ cat !$
cat /tmp/foo
splunkd is running (PID: 2431).
splunk helpers are running (PIDs: 2432 2621 4649 4682).
splunk@crux:~$ 

But i found that the restart option works best when using | tee instead:

splunk@crux:/opt/splunk/var/log/splunk$ /opt/splunk/bin/splunk restart | tee /tmp/foo
Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...

Done.

Splunk> Like an F-18, bro.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at https://127.0.0.1:8000 to be available........... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at https://crux:8000

and the output looks like this:

splunk@crux:/opt/splunk/var/log/splunk$ cat !$
cat /tmp/foo
Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...

Done.

Splunk> Like an F-18, bro.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at https://127.0.0.1:8000 to be available........... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at https://crux:8000

splunk@crux:/opt/splunk/var/log/splunk$ 

Hope this helps ...

cheers, MuS

Motivator

Greetings @tsheets13,

At least on Windows, it does. I also know (Windows only, unsure of *nix, but can't imagine it's different) that simply outputting text is read by scripted batch files.

splunk status 1> d:\status.txt works.

Cheers,
Jacob

Cheers,
Jacob
0 Karma