Use the CLI to administer a remote Splunk server
Contents
Use the CLI to administer a remote Splunk server
You can use the uri parameter with any CLI command to send that command to another Splunk server and view the results on your local server.
This topic discusses:
- Syntax for using the
uriparameter. - CLI commands that you cannot use remotely.
Note: Starting in 4.1.4, remote CLI access is disabled by default for the admin user until you have changed its default password.
Enable remote access
If you are running Splunk Free (no login credentials), remote access is disabled by default until you've edited $SPLUNK_HOME/etc/system/local/server.conf and set the value:
allowRemoteLogin=always
For more information about editing configuration files, refer to "About configuration files" in this manual.
Send CLI commands to a remote server
The general syntax for using the uri parameter with any CLI command is:
./splunk command object [-parameter <value>]... -uri <specified-server>
The uri value, specified-server is formatted as:
[http|https]://name_of_server:management_port
Also, the name_of_server can be the fully-resolved domain name or the IP address of the remote Splunk server.
Important: This uri value is the mgmtHostPort value that you defined in the remote Splunk server's web.conf. For more information, see the web.conf reference in this manual.
For more general information about the CLI, see "About the CLI" and "Get help with the CLI" in this manual.
Search a remote server
The following example returns search results from the remote "splunkserver".
./splunk search "host=fflanda error 404 *.gif" -uri https://splunkserver:8089
For details on syntax for searching using the CLI, refer to "About CLI searches" in the Search Reference Manual.
View apps installed on a remote server
The following example returns the list of apps that are installed on the remote "splunkserver".
./splunk display app -uri https://splunkserver:8089
Change your default URI value
You can set a default URI value using the SPLUNK_URI environment variable. If you change this value to be the URI of the remote server, you do not need to include the uri parameter each time you want to access that remote server.
To change the value of SPLUNK_URI, type either:
$ export SPLUNK_URI=[http|https]://name_of_server:management_port # For Unix shells C:\> set SPLUNK_URI=[http|https]://name_of_server:management_port # For Windows shell
For the examples above, you can change your SPLUNK_URI value by typing:
$ export SPLUNK_URI=https://splunkserver:8089
CLI commands you cannot run remotely
With the exception of commands that control the server, you can run all CLI commands remotely. These server control commands include:
- Start, stop, restart
- Status, version
You can view all CLI commands by accessing the CLI help reference. For more information, see "Get help with the CLI" in this manual.
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.