Splunk Search

Do splunk commands send output to stdout?

tsheets13
Communicator

When you run ‘splunk status’ or ‘splunk start’ etc., is the output sent to stdout? I’m working with an automations script, and while commands like ‘ls -la’ return the resulting text, for some reason, splunk commands do not.

Tags (1)
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi tsheets13,

Yes, the splunk command sends output to stdout. You can try this for the status option:

splunk@crux:~$ /opt/splunk/bin/splunk status 1> /tmp/foo
splunk@crux:~$ cat !$
cat /tmp/foo
splunkd is running (PID: 2431).
splunk helpers are running (PIDs: 2432 2621 4649 4682).
splunk@crux:~$ 

But i found that the restart option works best when using | tee instead:

splunk@crux:/opt/splunk/var/log/splunk$ /opt/splunk/bin/splunk restart | tee /tmp/foo
Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...

Done.

Splunk> Like an F-18, bro.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at https://127.0.0.1:8000 to be available........... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at https://crux:8000

and the output looks like this:

splunk@crux:/opt/splunk/var/log/splunk$ cat !$
cat /tmp/foo
Stopping splunkd...
Shutting down.  Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...

Done.

Splunk> Like an F-18, bro.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Done


Waiting for web server at https://127.0.0.1:8000 to be available........... Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at https://crux:8000

splunk@crux:/opt/splunk/var/log/splunk$ 

Hope this helps ...

cheers, MuS

jacobpevans
Motivator

Greetings @tsheets13,

At least on Windows, it does. I also know (Windows only, unsure of *nix, but can't imagine it's different) that simply outputting text is read by scripted batch files.

splunk status 1> d:\status.txt works.

Cheers,
Jacob

Cheers,
Jacob

If you feel this response answered your question, please do not forget to mark it as such. If it did not, but you do have the answer, feel free to answer your own post and accept that as the answer.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...