When you run ‘splunk status’ or ‘splunk start’ etc., is the output sent to stdout? I’m working with an automations script, and while commands like ‘ls -la’ return the resulting text, for some reason, splunk commands do not.
Hi tsheets13,
Yes, the splunk
command sends output to stdout. You can try this for the status
option:
splunk@crux:~$ /opt/splunk/bin/splunk status 1> /tmp/foo
splunk@crux:~$ cat !$
cat /tmp/foo
splunkd is running (PID: 2431).
splunk helpers are running (PIDs: 2432 2621 4649 4682).
splunk@crux:~$
But i found that the restart
option works best when using | tee
instead:
splunk@crux:/opt/splunk/var/log/splunk$ /opt/splunk/bin/splunk restart | tee /tmp/foo
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...
Done.
Splunk> Like an F-18, bro.
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
Waiting for web server at https://127.0.0.1:8000 to be available........... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at https://crux:8000
and the output looks like this:
splunk@crux:/opt/splunk/var/log/splunk$ cat !$
cat /tmp/foo
Stopping splunkd...
Shutting down. Please wait, as this may take a few minutes.
.....................................
Stopping splunk helpers...
Done.
Splunk> Like an F-18, bro.
All preliminary checks passed.
Starting splunk server daemon (splunkd)...
Done
Waiting for web server at https://127.0.0.1:8000 to be available........... Done
If you get stuck, we're here to help.
Look for answers here: http://docs.splunk.com
The Splunk web interface is at https://crux:8000
splunk@crux:/opt/splunk/var/log/splunk$
Hope this helps ...
cheers, MuS
Greetings @tsheets13,
At least on Windows, it does. I also know (Windows only, unsure of *nix, but can't imagine it's different) that simply outputting text is read by scripted batch files.
splunk status 1> d:\status.txt
works.
Cheers,
Jacob