Splunk Search

command line search from remote host, with no splunk products installed

DTERM
Contributor

I've created a saved search on an indexer. I set the permissions such that the search is available for all apps. I've given group "everyone" read access to the search.

Now from a remote server, without any Splunk application installed, I want to run a wget against the saved URL. However, I am not able to do so. There are no firewall rules or restrictions between the two systems. The command is

wget http://myhost.mydomain.com:8000/en-US/app/search/%40go?s=hostdf

Here is a snapshot of the wget, and the resulting saved file: (Names were changed to protect the guilty). The command works, the saved search works fine, but I'm not getting the search results. Should I be able to run a saved search from the command line of a remote host that does not have any splunk apps installed? Thanks

root@remotehost:/Users/user/trash wget http://splunk-ind.mydomain.com:8000/en-US/app/search/%40go?s=fo03df

--2012-04-27 10:42:15-- http://splunk-ind.mydomain.com:8000/en-US/app/search/%40go?s=fo03df
Resolving splunk-ind.mydomain.com... 10.167.148.74, fd02:c9e3:a6c0:4705::230
Connecting to splunk-ind.mydomain.com|10.167.148.74|:8000... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://splunk-ind.mydomain.com:8000/en-US/account/login?return_to=%2Fen-US%2Fapp%2Fsearch%2F%2540go%... [following]
--2012-04-27 10:42:15-- http://splunk-ind.mydomain.com:8000/en-US/account/login?return_to=%2Fen-US%2Fapp%2Fsearch%2F%2540go%...
Reusing existing connection to splunk-ind.mydomain.com:8000.
HTTP request sent, awaiting response... 200 OK
Length: 7529 (7.4K) [text/html]
Saving to: `login?return_to=%2Fen-US%2Fapp%2Fsearch%2F%40go?s=fo03df'

100%[==================================================================================================================================>] 7,529 --.-K/s in 0.001s

2012-04-27 10:42:15 (6.42 MB/s) - `login?return_to=%2Fen-US%2Fapp%2Fsearch%2F%40go?s=fo03df' saved [7529/7529]

root@remotehost:/Users/user/trash more login\?return_to=%2Fen-US%2Fapp%2Fsearch%2F%40go\?s=fo03df
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<!-- live to code, code to live... -->

<head>
    <meta http-equiv="X-UA-Compatible" content="IE=7, IE=9, chrome=IE8" />
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <meta http-equiv="content-language" content="en_US" />
    <meta http-equiv="imagetoolbar" content="no" />
    <meta name="author" content="Splunk Inc." />
    <link rel="apple-touch-icon" href="/en-US/static/@115073/img/iosicon.png" />
    <link rel="shortcut icon" href="/en-US/static/@115073/img/favicon.ico" />
    <title>
    Login -     
Splunk</title>



        <script type="text/javascript" src="/en-US/config?autoload=1"></script>

                <script type="text/javascript">
                    var DISABLE_MESSENGER = true;
                </script>
            <script type="text/javascript" src="/en-US/static/@115073/js/common.min.js"></script>

        <link rel="stylesheet" href="/en-US/static/@115073/css/login.css" />

</head>
<body>

1 Solution

Lowell
Super Champion

You can't easily call Splunk Web from the command line and expect anything readable. The actual searching process is all kicked off via AJAX voodoo. Nothing easily parseable like straight HTML tables... However, Splunk offers some nice features via its REST API.

Check out the Intro to REST API Tutorial for a quick way to get started. For your question specifically, see the "Searching" section.

The example shown there uses "curl" but you should be able to translate that to work with "wget" if "curl" isn't available.

curl  -k -u admin:changeme  -d 'search="search error | head 10"' -d "output_mode=csv" https://localhost:8089/servicesNS/admin/search/search/jobs/export

Change "output_mode" to "raw", "xml", or "json" depending on your needs.
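
The REST approach from the answer above, applied to the saved search in the question, as an added example that is not part of the original thread: it verifies the splunkd certificate instead of using -k, passes credentials to curl on stdin rather than on the command line, and runs the saved search by name with the SPL `savedsearch` command. The CA path, the SPLUNK_* variable names and the name allow-list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Host, CA path and the SPLUNK_* variable
# names are assumptions; the export endpoint and output_mode are from the answer.
CURL="${CURL:-curl}"
SPLUNK_HOST="${SPLUNK_HOST:-splunk-ind.mydomain.com}"
SPLUNK_CA="${SPLUNK_CA:-/etc/ssl/certs/splunk-ca.pem}"   # assumed: CA that signed the splunkd certificate

# splunk_export NAME [output_mode]: run saved search NAME through the REST
# export endpoint on the management port (8089) and stream results to stdout.
splunk_export() {
  # NAME is interpolated into SPL, so allow-list it (extend if your names differ).
  case $1 in
    ''|*[!A-Za-z0-9_.-]*) echo "refusing saved search name: $1" >&2; return 2 ;;
  esac
  if [ -z "${SPLUNK_USER:-}" ] || [ -z "${SPLUNK_PASS:-}" ]; then
    echo "set SPLUNK_USER and SPLUNK_PASS" >&2; return 2
  fi
  # Credentials reach curl as a config line on stdin, so they are not visible
  # in the process list. A password containing " or \ must be escaped first.
  printf 'user = "%s:%s"\n' "$SPLUNK_USER" "$SPLUNK_PASS" |
    "$CURL" --silent --show-error --fail \
      --cacert "$SPLUNK_CA" --config - \
      --data-urlencode "search=| savedsearch \"$1\"" \
      --data-urlencode "output_mode=${2:-csv}" \
      "https://$SPLUNK_HOST:8089/servicesNS/$SPLUNK_USER/search/search/jobs/export"
}

# is_login_page: succeeds when stdin looks like the Splunk Web login page that
# the wget in the question saved (HTML behind a redirect), not search results.
is_login_page() {
  grep -q -e '<!DOCTYPE html' -e 'account/login'
}

# Constructed sample: the first line of the file wget saved in the question.
SAMPLE='<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'
if printf '%s\n' "$SAMPLE" | is_login_page; then
  echo "saved file is the login page, not results"
fi
# Real use: splunk_export hostdf csv > hostdf.csv
```

With `--fail`, a rejected login makes curl exit non-zero instead of saving an error body, which is the silent failure the wget run in the question produced.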
