Passing dynamic parameters in search running from ...

bsrikanthreddy5 · ‎02-14-2021

Hi,

Is there was to dynamically pass a value like below in Splunk for running a search from cli.

I am trying to write a script to find event count from source files on HF and compare event to count indexed by running the below search

/opt/splunk/bin/splunk search 'index=* source=${c2_source}/*.gz | stats count' -uri 'https://<SH IP>:8089/' -auth admin:xxxxxxxxxx 2>/dev/null

Or is there way to achive using restapi commands

bsrikanthreddy5 · ‎02-18-2021

I have implemented this way.

query="index=* source=${c2_source}/*.gz earliest=-1d@d | stats count"

event_count=$(/opt/splunk/bin/splunk search "$query" -uri 'https://<SH-IP>:8089/' -auth admin:password 2>/dev/null)

echo $event_count

isoutamo · ‎02-18-2021

When you are using “ instead of ‘ those variables etc will be expanded on command line.

Passing dynamic parameters in search running from cli