
What needs to be installed and configured to give users access to the Splunk CLI to run searches?


We have a cluster environment in Splunk.
We want to give users access to the Splunk CLI.

They should be able to execute CLI commands from their local computers or from the servers where just a Splunk Forwarder is installed.
Users already have access in the Splunk GUI.

What needs to be installed on their local computers?
What needs to be configured to be able to perform a search?

0 Karma


Hi rrmavani,

What is the intention to do so?
Giving a user access to the Splunk CLI on a forwarder will not enable them to run a local search on it.
Furthermore, you have to enable a config option to be able to connect remotely to the Splunk management port, which will open potential security risks.

The easiest way to give a Splunk user CLI access is to use this App https://splunkbase.splunk.com/app/1607/ which gives the user Splunk CLI access within the Splunk UI.

But to answer your initial questions (just remember the potential security risks you're about to open):

What needs to be installed on their local computers?
To my surprise, you only need a universal forwarder and can run a remote search using this command:
/opt/splunkforwarder/bin/splunk search 'index=_internal earliest=-1min|stats count by sourcetype' -uri 'https://TheRemoteServer:8089/'

What needs to be configured to be able to perform a search?
Read the docs http://docs.splunk.com/Documentation/Splunk/6.3.1/Admin/AccessandusetheCLIonaremoteserver and enable allowRemoteLogin= on the remote server

Hope this helps ...

cheers, MuS

0 Karma
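
An added example, not part of the answer above and not Splunk's own code: a small audit that reports the effective `allowRemoteLogin` value from the `[general]` stanza of server.conf, so the setting the answer mentions can be reviewed before and after remote CLI access is enabled. The function names and sample file contents are constructed, and the layering is simplified to "later layer wins" (for example system/default, then system/local).

```python
# Added example: audit the effective allowRemoteLogin value from server.conf text.
DEFAULT = "requireSetPassword"  # Splunk's documented default when the key is unset

FINDINGS = {
    "always": "HIGH: all remote logins to the management port are allowed",
    "requiresetpassword": "MEDIUM: remote login allowed, except for admin "
                          "while its password is still the default",
    "never": "OK: only local logins to splunkd are allowed",
}

def parse_conf(text):
    """Minimal Splunk .conf parser (hypothetical helper): {stanza: {key: value}}."""
    stanzas, current = {}, "default"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            stanzas.setdefault(current, {})[key.strip()] = value.strip()
    return stanzas

def effective_remote_login(layers):
    """layers: [(label, conf_text)] ordered from lowest to highest precedence."""
    value, source = DEFAULT, "built-in default"
    for label, text in layers:
        setting = parse_conf(text).get("general", {}).get("allowRemoteLogin")
        if setting:  # assumption of this example: an empty value counts as unset
            value, source = setting, label
    return value, source

def assess(layers):
    """Return (effective value, layer that set it, finding text)."""
    value, source = effective_remote_login(layers)
    finding = FINDINGS.get(value.lower(), "UNKNOWN: unrecognised value, review manually")
    return value, source, finding

# Constructed sample files (not taken from a real deployment).
SYSTEM_DEFAULT = "[general]\nallowRemoteLogin = requireSetPassword\n"
SYSTEM_LOCAL = ("# enabled for remote CLI users\n[general]\n"
                "serverName = idx01\nallowRemoteLogin = always\n")

if __name__ == "__main__":
    print(assess([("system/default", SYSTEM_DEFAULT), ("system/local", SYSTEM_LOCAL)]))
```

On a live instance, `splunk btool server list general --debug` shows the same effective value with Splunk's full precedence rules applied.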