Getting Data In

Execute a command through the CLI on a remote system

eden881
Path Finder

When I run splunk cmd, I can execute any external system command using Splunk's context.
I want to combine that with the -uri parameter to be able to send remote commands to Universal Forwarders.

However the cmd engine treats -uri as a part of the command itself, for example:

splunk cmd dir -uri https://uf_hostname:8089
dir: cannot access https\://uf_hostname\:8089: No such file or directory

How can I send the command to a remote Splunk instance?

0 Karma

anfis
Observer

Hi, you might want to look at clustershell for this functionality. It's a little tricky to configure but runs nicely on all kind of lx clusters
see https://clustershell.readthedocs.io/en/latest/ for details and sources...

0 Karma

eden881
Path Finder

Thank you for the answer! Unfortunately I was looking for a way to achieve this via Splunk's components only, as those are already deployed on our servers.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Create an app with a scripted input containing that command. Push the app to the desired UFs.

---
If this reply helps you, Karma would be appreciated.
0 Karma

eden881
Path Finder

Thank you for the answer, but this method is extremely inconvenient as it requires a lot of effort and time to issue a single command.
I'm looking for a semi-interactive way to make use of my existing Splunk deployment to perform simple management tasks in my environment, without the need to fully connect to the server.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...