Hi all,
I've got a problem with the execution of this command from a Windows ".bat" script:
The command works perfectly from a command prompt (I'm on a Windows Server 2008 Standard).
Tried also:
and:
with no luck.
The suspect is that there is something wrong with the double quotes and that the parameters are not passed correctly (by the Windows command interpreter) to "splunk.exe".
Any ideas?
Thank you very much, Luca
good, btw i am pulling this out as a "correct" answer, so when you get a chance please "accept" it so people will know it's solved.
The following pulled from comments:
you might also try renaming your script to .cmd instead of .bat, as there is some possibility that it makes a difference in which command processor (cmd.exe vs command.com) gets invoked - gkanapathy May 18 at 11:33
SOLVED 🙂 The solution is to use ".cmd" and NOT ".bat" (at least in Win2008). With a ".cmd" script, there is NO NEED of doubling the double quotes and everything goes smooth. Thank you very much for the hint, gkanapathy 😉 Luca - logicasrl May 19 at 12:34
I do have to say, I would have thought that the difference would be gone by Windows 2008. Apparently backwards compatibility is that important to Microsoft.
SOLVED 🙂
The solution is to use ".cmd" and NOT ".bat" (at least in Win2008).
With a ".cmd" script, there is NO NEED of doubling the double quotes and everything goes smooth.
Thank you very much for the hint, gkanapathy 😉
Luca
I suspect it's because Windows considers the |
vertical bar to be some kind of delimiter as well even inside the string. Quoting rules are different inside a batch file in some cases (e.g., %i
vs %%i
in a for
statement). You might just try putting a space before the initial |
. Or you could switch to PowerShell or cscript.
The preceding code still does not work.
The strange thing is that the following works correctly (from within a .bat file):
* splunk.exe search ""host="vmw03n" source="WinEventLog:Security" sourcetype="WinEventLog:Security" earliest_time="-24h""" -format csv -auth admin:password > C:\temp\splunklocalhost.csv
I will proceed with new tests tomorrow.
Luca
Thank you for the hint.
See others trials below...
do you literally have that exact string in your .bat
file, or are you using parameter or environment variables anywhere? The correct syntax is to use doubled double-quotes (i.e., your second example). it would also be helpful if you gave the exact error message in each case. you might also try renaming your script to .cmd
instead of .bat
, as there is some possibility that it makes a difference in which command processor (cmd.exe
vs command.com
) gets invoked, though probably not in W2k8.