Enable distributed search via the CLI
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Enable distributed search via the CLI
Follow these instructions to enable distributed search via Splunk's CLI. . You can also enable distributed search via Splunk Web or distsearch.conf.
Configuration
To use Splunk's CLI, navigate to the $SPLUNK_HOME/bin/ directory and use the ./splunk command. You can also add Splunk to your path and use the splunk command.
Enable distributed search
splunk enable dist-search -auth admin:changeme Distributed search enabled. You need to restart the Splunk Server for your changes to take effect.
Enable auto-discovery
splunk enable discoverable -auth admin:changeme Discoverable mode is now enabled. You need to restart the Splunk Server for your changes to take effect.
Add a search server
splunk add search-server -host 10.10.10.10 -port 8888 -auth admin:changeme Success. You need to restart the Splunk Server for your changes to take effect.
Search via the CLI
Use the dispatch command to send out searches via Splunk's CLI.
splunk dispatch "source::/var/log/tomcat55/catalina.out minutesago::5" -auth admin:changeme
This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13 , 3.4.14 View the Article History for its revisions.