Splunk Search

What needs to be installed and configured to give users access to the Splunk CLI to run searches?

rrmavani
Engager

We have a cluster environment in Splunk.
We want to give access to Splunk CLI to users.

They should be able to execute CLI commands from their local computers or from the servers where just a Splunk Forwarder is installed.
Users already have access in the Splunk GUI.

What needs to be installed on their local computers?
What needs to be configured to be able to perform a search?

0 Karma

MuS
Legend

Hi rrmavani,

What is the intention to do so?
Giving a user access to the Splunk CLI on a forwarder will not enable them to run a local search on it.
Furthermore, you have to enable some config option to be able to connect remotely to the Splunk management port, which will open potential security risks.

The easiest way to give a Splunk user CLI access is to use this App https://splunkbase.splunk.com/app/1607/ which gives the user Splunk CLI access within the Splunk UI.

But to answer your initial questions (just remember the potential security risks you're about to open):

What needs to be installed on their local computers?
To my surprise, you only need a universal forwarder and can run a remote search using this command:
/opt/splunkforwarder/bin/splunk search 'index=_internal earliest=-1min|stats count by sourcetype' -uri 'https://TheRemoteServer:8089/'

What needs to be configured to be able to perform a search?
Read the docs http://docs.splunk.com/Documentation/Splunk/6.3.1/Admin/AccessandusetheCLIonaremoteserver and enable allowRemoteLogin= on the remote server.

Hope this helps ...

cheers, MuS

0 Karma
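
An added example, not part of the original thread and not Splunk's own code: a check an admin could run before and after the change described in the answer above, reporting which server.conf layer sets allowRemoteLogin and whether it opens remote logins. The [general] stanza and the value names come from Splunk's server.conf spec rather than from this thread; the file contents and the layer ordering passed in are constructed assumptions.

```python
import re

# Values the server.conf spec documents for allowRemoteLogin (lowercased here).
KNOWN = {"always", "never", "requiresetpassword"}

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep:
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def assess(layers):
    """layers: [(path, conf_text)], highest-precedence file first (assumed order)."""
    for path, text in layers:
        value = parse_conf(text).get("general", {}).get("allowRemoteLogin")
        if value is None:
            continue  # not set in this layer, fall through to the next one
        if value.lower() == "always":
            return f"review: {path} accepts remote logins on the management port"
        if value.lower() not in KNOWN:
            return f"error: {path} has unrecognized value {value!r}"
        return f"ok: {path} sets allowRemoteLogin={value}"
    return "ok: allowRemoteLogin not set, product default applies"

# Constructed sample contents, not taken from a real deployment.
LOCAL_OPENED = "[general]\nserverName = idx01\nallowRemoteLogin = always\n"
LOCAL_EMPTY = "[general]\nallowRemoteLogin=\n"
DEFAULT = "# shipped defaults\n[general]\nallowRemoteLogin = requireSetPassword\n"

if __name__ == "__main__":
    for local in (LOCAL_OPENED, LOCAL_EMPTY, "[general]\nserverName = idx01\n"):
        print(assess([("etc/system/local/server.conf", local),
                      ("etc/system/default/server.conf", DEFAULT)]))
```

An empty value, as in a line copied literally as allowRemoteLogin=, is reported as an error rather than silently treated as a default.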