Splunk® Enterprise

Admin Manual

Download manual as PDF

Download topic as PDF

Use the CLI to administer a remote Splunk Enterprise instance

You can use the uri parameter with any CLI command to send that command to another Splunk Enterprise instance and view the results on your local server.

This topic discusses:

  • Syntax for using the uri parameter.
  • CLI commands that you cannot use remotely.

Note: Remote CLI access is disabled by default for the admin user until you have changed its default password.

Enable remote access

If you are running Splunk Free (which has no login credentials), remote access is disabled by default until you've edited $SPLUNK_HOME/etc/system/local/server.conf and set the value:

allowRemoteLogin=always

Note: The add oneshot command works on local instances but cannot be used remotely.

For more information about editing configuration files, refer to About configuration files in this manual.

Send CLI commands to a remote server

The general syntax for using the uri parameter with any CLI command is:

./splunk command object [-parameter <value>]... -uri <specified-server>

The uri value, specified-server is formatted as:

[http|https]://name_of_server:management_port

Also, the name_of_server can be the fully resolved domain name or the IP address of the remote Splunk Enterprise instance.

Important: This uri value is the mgmtHostPort value that you defined in web.conf on the remote Splunk Enterprise instance. For more information, see the web.conf reference in this manual.

For general information about the CLI, see About the CLI and Get help with the CLI in this manual.

Search a remote instance

The following example returns search results from the remote "splunkserver".

./splunk search "host=fflanda error 404 *.gif" -uri https://splunkserver:8089

For details on syntax for searching using the CLI, refer to About CLI searches in the Search Reference Manual.

View apps installed on a remote instance

The following example returns the list of apps that are installed on the remote "splunkserver".

./splunk display app -uri https://splunkserver:8089

Change your default URI value

You can set a default URI value using the SPLUNK_URI environment variable. If you change this value to be the URI of the remote server, you do not need to include the uri parameter each time you want to access that remote server.

To change the value of SPLUNK_URI, type either:

$ export SPLUNK_URI=[http|https]://name_of_server:management_port     # For Unix shells
C:\> set SPLUNK_URI=[http|https]://name_of_server:management_port     # For Windows shell

For the examples above, you can change your SPLUNK_URI value by typing:

$ export SPLUNK_URI=https://splunkserver:8089

CLI commands you cannot run remotely

With the exception of commands that control the server, you can run all CLI commands remotely. These server control commands include:

  • Start, stop, restart
  • Status, version

You can view all CLI commands by accessing the CLI help reference. See Get help with the CLI in this manual.

PREVIOUS
Administrative CLI commands
  NEXT
Customize the CLI login banner

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.6.0, 6.6.1


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters