Solved: CLI: Linux vs. Windows

NK_1 · ‎07-20-2011

Using the CLI, if I do

splunk search hoursago=1

I see output under a Linux Splunk installation, but not under a Windows Splunk installation.

Where does the output from the Windows installation go?

gekoner · ‎09-09-2011

I assume you are running Splunk 4.2.2 or higher and this is on a Windows 2008 server. You will need to run the command prompt with elevated privileges (Run as administrator). Then it should echo out to the same command screen.
If you don't it opens a new window, and if the results return quickly you might not even see the new command window popup.

View solution in original post

gekoner · ‎09-09-2011

I assume you are running Splunk 4.2.2 or higher and this is on a Windows 2008 server. You will need to run the command prompt with elevated privileges (Run as administrator). Then it should echo out to the same command screen.
If you don't it opens a new window, and if the results return quickly you might not even see the new command window popup.

echalex · ‎10-22-2012

Thank you for the answer, gekoner. I hade the same kind of problem under Windows 7. Any splunk command, such as splunk status would only quickly flicker another terminal window. Opening cmd with "run as administrator" solved this issue.

NK_1 · ‎09-15-2011

splunk search "daysago=1 AccountName" > c:\accounts.log

Tried this on Splunk 4.2.3 under Windows 7 Enterprise, and that was it (i.e. need to run the command shell as Admin). Thanks!

CLI: Linux vs. Windows

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?