Solved: CLI: Linux vs. Windows

NK_1 · ‎07-20-2011

Using the CLI, if I do

splunk search hoursago=1

I see output under a Linux Splunk installation, but not under a Windows Splunk installation.

Where does the output from the Windows installation go?

gekoner · ‎09-09-2011

I assume you are running Splunk 4.2.2 or higher and this is on a Windows 2008 server. You will need to run the command prompt with elevated privileges (Run as administrator). Then it should echo out to the same command screen.
If you don't it opens a new window, and if the results return quickly you might not even see the new command window popup.

View solution in original post

gekoner · ‎09-09-2011

I assume you are running Splunk 4.2.2 or higher and this is on a Windows 2008 server. You will need to run the command prompt with elevated privileges (Run as administrator). Then it should echo out to the same command screen.
If you don't it opens a new window, and if the results return quickly you might not even see the new command window popup.

echalex · ‎10-22-2012

Thank you for the answer, gekoner. I hade the same kind of problem under Windows 7. Any splunk command, such as splunk status would only quickly flicker another terminal window. Opening cmd with "run as administrator" solved this issue.

NK_1 · ‎09-15-2011

splunk search "daysago=1 AccountName" > c:\accounts.log

Tried this on Splunk 4.2.3 under Windows 7 Enterprise, and that was it (i.e. need to run the command shell as Admin). Thanks!

CLI: Linux vs. Windows

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation