Solved: CMD search not working

tkwaller · ‎04-16-2015

Tryin to run a quick test of a search from the command line(Putty) NOT CLI results in command not found. I know I'm probably doing something wrong but cant figure out what. I've looked at all of the docs I could find but still can't get it to work. I've tried several different ways but still get same results. Any ideas?

[root@8 /]# splunk search 'index=_internal | dedup host | table host' index_earliest -60sec index_latest -now
-bash: splunk: command not found
[root@8 /]# splunk search "index=_internal | dedup host | table host" index_earliest -60sec index_latest -now
-bash: splunk: command not found

Thanks for the help!

MuS · ‎04-16-2015

Hi tkwaller,

if Splunk is installed with default options, try something like this:

/opt/splunk/bin/splunk search 'index=_internal index_earliest -60sec index_latest -now | dedup host | table host'

or add /opt/splunk/bin to your OS path environment and you can run it like this:

splunk search 'index=_internal index_earliest -60sec index_latest -now | dedup host | table host'

Hope this helps ...

cheers, MuS

View solution in original post

MuS · ‎04-16-2015

Hi tkwaller,

if Splunk is installed with default options, try something like this:

/opt/splunk/bin/splunk search 'index=_internal index_earliest -60sec index_latest -now | dedup host | table host'

or add /opt/splunk/bin to your OS path environment and you can run it like this:

splunk search 'index=_internal index_earliest -60sec index_latest -now | dedup host | table host'

Hope this helps ...

cheers, MuS

tkwaller · ‎04-16-2015

It was indeed me not including /opt/splunk/bin/ before splunk, I knew it was something simple like that. This one worked perfectly: /opt/splunk/bin/splunk search 'index=_internal index_earliest -60sec index_latest -now | dedup host | table host'

Thank you sir!

CMD search not working

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!