Execute a command through the CLI on a remote syst...

eden881 · ‎11-20-2019

When I run splunk cmd, I can execute any external system command using Splunk's context.
I want to combine that with the -uri parameter to be able to send remote commands to Universal Forwarders.

However the cmd engine treats -uri as a part of the command itself, for example:

splunk cmd dir -uri https://uf_hostname:8089
dir: cannot access https\://uf_hostname\:8089: No such file or directory

How can I send the command to a remote Splunk instance?

anfis · ‎04-29-2020

Hi, you might want to look at clustershell for this functionality. It's a little tricky to configure but runs nicely on all kind of lx clusters
see https://clustershell.readthedocs.io/en/latest/ for details and sources...

eden881 · ‎04-30-2020

Thank you for the answer! Unfortunately I was looking for a way to achieve this via Splunk's components only, as those are already deployed on our servers.

richgalloway · ‎11-20-2019

Create an app with a scripted input containing that command. Push the app to the desired UFs.

---
If this reply helps you, Karma would be appreciated.

eden881 · ‎11-21-2019

Thank you for the answer, but this method is extremely inconvenient as it requires a lot of effort and time to issue a single command.
I'm looking for a semi-interactive way to make use of my existing Splunk deployment to perform simple management tasks in my environment, without the need to fully connect to the server.

Execute a command through the CLI on a remote system

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?