Splunk Search

What needs to be installed and configured to give users access to the Splunk CLI to run searches?

rrmavani
Engager

We have a cluster environment in Splunk.
We want to give access to the Splunk CLI to users.

They should be able to execute CLI commands from their local computers or from the servers where just a Splunk Forwarder is installed.
Users already have access in the Splunk GUI.

What needs to be installed on their local computers?
What needs to be configured to be able to perform a search?

0 Karma

MuS
Legend

Hi rrmavani,

What is the intention to do so?
Giving users access to the Splunk CLI on a forwarder will not enable them to run a local search on it.
Furthermore, you have to enable a config option to be able to connect remotely to the Splunk management port, which will open potential security risks.

The easiest way to give a Splunk user CLI access is to use this App https://splunkbase.splunk.com/app/1607/ which gives the user Splunk CLI access within the Splunk UI.

But to answer your initial questions (just remember the potential security risks you're about to open):

What needs to be installed on their local computers?
To my surprise you only need a universal forwarder and can run a remote search using this command:
/opt/splunkforwarder/bin/splunk search 'index=_internal earliest=-1min|stats count by sourcetype' -uri 'https://TheRemoteServer:8089/'

What needs to be configured to be able to perform a search?
Read the docs http://docs.splunk.com/Documentation/Splunk/6.3.1/Admin/AccessandusetheCLIonaremoteserver and enable allowRemoteLogin= on the remote server

Hope this helps ...

cheers, MuS

0 Karma
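For admins reviewing the setting mentioned in the answer above, here is an added example (not part of the thread and not Splunk's own code) that reads server.conf text and reports which layer sets allowRemoteLogin in the [general] stanza and what that value permits. The layer labels, sample file contents and status labels are assumptions constructed for illustration, and precedence is simplified to "later layer wins".

```python
# Added example: report the effective allowRemoteLogin value from server.conf layers.
# Status labels are this example's own; meanings follow the server.conf spec.
NOTES = {
    "always": ("open", "all remote logins to splunkd are allowed"),
    "requiresetpassword": ("default", "remote admin login is refused while the "
                                      "default admin password is unchanged"),
    "never": ("local-only", "only local logins to splunkd are allowed"),
}

def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}, skipping comments."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            stanzas.setdefault(current, {})
        elif "=" in line:
            key, _, value = line.partition("=")
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def audit_remote_login(layers):
    """layers: list of (label, conf_text), lowest precedence first (assumed order)."""
    value, source = "requireSetPassword", "built-in default"
    for label, text in layers:
        setting = parse_conf(text).get("general", {}).get("allowRemoteLogin")
        if setting is not None:
            value, source = setting, label
    status, meaning = NOTES.get(value.lower(),
                                ("review", "empty or unrecognised value"))
    return {"value": value, "source": source, "status": status, "meaning": meaning}

if __name__ == "__main__":
    # Constructed sample layers, not taken from a real deployment.
    sample = [
        ("system/default", "[general]\nallowRemoteLogin = requireSetPassword\n"),
        ("system/local", "# local override\n[general]\nallowRemoteLogin = always\n"),
    ]
    print(audit_remote_login(sample))
```

A result with status "open" is the case to pair with network restrictions on the management port (8089 in the answer's command) and a check that no account still uses a default password.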