Splunk Search

What needs to be installed and configured to give users access to the Splunk CLI to run searches?

Engager

We have cluster environment in Splunk.
We want to give access to Splunk CLI to users.

They should be able to execute CLI commands from their local computers or from the servers where just a Splunk Forwarder is installed.
Users already have access in the Splunk GUI.

What need to be installed in their local computers?
What need to be configured to be able to perform search?

0 Karma

SplunkTrust
SplunkTrust

Hi rrmavani,

What is the intention to do so?
Giving user access to Splunk CLI on a forwarder will not enable them to run a local search on it.
Further more you have to enable some config option to be able to remote connect to the Splunk management port which will open potential security risks.

The easiest way to give a Splunk user CLI access is to use this App https://splunkbase.splunk.com/app/1607/ which gives the user Splunk CLI access within the Splunk UI.

But to answer your initial questions (just remember the potential security risks you're about to open):

what need to be installed in their local computers ?
To my surprise you only need an universal forwarder and can run a remote search using this command /opt/splunkforwarder/bin/splunk search 'index=_internal earliest=-1min|stats count by sourcetype' -uri 'https://TheRemoteServer:8089/'

What need to be configured to be able to perform search ?
Read the docs http://docs.splunk.com/Documentation/Splunk/6.3.1/Admin/AccessandusetheCLIonaremoteserver and enable allowRemoteLogin= on the remote server

Hope this helps ...

cheers, MuS

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!