Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Passing dynamic parameters in search running from cli

bsrikanthreddy5
Path Finder
‎02-14-2021 05:06 PM

Hi, 

Is there was to dynamically pass a value like below in Splunk for running a search from cli.

I am trying to write a script to find event count from source files on HF and compare event to count indexed by running the below search 

/opt/splunk/bin/splunk search 'index=*  source=${c2_source}/*.gz  | stats count' -uri 'https://<SH IP>:8089/' -auth admin:xxxxxxxxxx  2>/dev/null

Or  is there way to achive using restapi commands

Labels (1)
Labels
Tags (1)
0 Karma
Reply

bsrikanthreddy5
Path Finder
‎02-18-2021 06:19 AM

I have implemented this way.

query="index=*  source=${c2_source}/*.gz earliest=-1d@d | stats count"

 event_count=$(/opt/splunk/bin/splunk search "$query" -uri 'https://<SH-IP>:8089/' -auth admin:password 2>/dev/null)

  echo $event_count

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎02-18-2021 06:59 AM
When you are using “ instead of ‘ those variables etc will be expanded on command line.
0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...