Documentation > Splunk > Admin Manual > Use the CLI to administer a remote Splunk server

Admin Manual

 


Welcome to Splunk administration
What to do first
Use Splunk Web
Getting started for Windows admins
Manage Splunk licenses
Meet Splunk apps
Configure Splunk
Indexing with Splunk
Manage users
Manage indexes
Define alerts
Set up backups and retention policies
Configure data security
Manage search jobs
Use Splunk's command line interface (CLI)
Configuration file reference

Use the CLI to administer a remote Splunk server

Contents

Use the CLI to administer a remote Splunk server

You can use the uri parameter with any CLI command to send that command to another Splunk server and view the results on your local server.

This topic discusses:

Note: Starting in 4.1.4, remote CLI access is disabled by default for the admin user until you have changed its default password.

Enable remote access

If you are running Splunk Free (no login credentials), remote access is disabled by default until you've edited $SPLUNK_HOME/etc/system/local/server.conf and set the value: 

allowRemoteLogin=always

For more information about editing configuration files, refer to "About configuration files" in this manual.

Send CLI commands to a remote server

The general syntax for using the uri parameter with any CLI command is: 

./splunk command object [-parameter <value>]... -uri <specified-server>

The uri value, specified-server is formatted as: 

[http|https]://name_of_server:management_port

Also, the name_of_server can be the fully-resolved domain name or the IP address of the remote Splunk server.

Important: This uri value is the mgmtHostPort value that you defined in the remote Splunk server's web.conf. For more information, see the web.conf reference in this manual.

For more general information about the CLI, see "About the CLI" and "Get help with the CLI" in this manual.

Search a remote server

The following example returns search results from the remote "splunkserver". 

./splunk search "host=fflanda error 404 *.gif" -uri https://splunkserver:8089

For details on syntax for searching using the CLI, refer to "About CLI searches" in the Search Reference Manual.

View apps installed on a remote server

The following example returns the list of apps that are installed on the remote "splunkserver". 

./splunk display app -uri https://splunkserver:8089

Change your default URI value

You can set a default URI value using the SPLUNK_URI environment variable. If you change this value to be the URI of the remote server, you do not need to include the uri parameter each time you want to access that remote server.

To change the value of SPLUNK_URI, type either: 

$ export SPLUNK_URI=[http|https]://name_of_server:management_port     # For Unix shells
C:\> set SPLUNK_URI=[http|https]://name_of_server:management_port     # For Windows shell

For the examples above, you can change your SPLUNK_URI value by typing: 

$ export SPLUNK_URI=https://splunkserver:8089

CLI commands you cannot run remotely

With the exception of commands that control the server, you can run all CLI commands remotely. These server control commands include:

You can view all CLI commands by accessing the CLI help reference. For more information, see "Get help with the CLI" in this manual.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.3.2/Admin/AccessandusetheCLIonaremoteserver"

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!