Developing Dashboards, Views, and Apps for Splunk Web

 


Use the CLI remotely


The REST API isn't the only way to call Splunk remotely. You can also run CLI commands against a remote Splunk server, even from a server that isn't running Splunk. Use the CLI remotely to configure data inputs, run searches, manage users, and more. You can also call the CLI remotely from your custom application code.

Starting in 4.1.4, remote CLI access is disabled by default for the admin user until you have changed its default password.

If you are running Splunk Free (no login credentials), remote access is disabled by default until you edit $SPLUNK_HOME/etc/system/local/server.conf and set the value of allowRemoteLogin to always.

For more information about editing configuration files, refer to "About configuration files" in the Admin Manual.

For more information about the CLI, see "About the CLI" and "Get help with the CLI" in the Admin Manual.


Here's how you should structure your calls:

<command> [<subcommand>] <params> -uri https://<splunk host name>:<management port>

For example, monitor the /var/log directory of your Splunk host, CorpSplunk, with the following command:

splunk add monitor /var/log -uri https://CorpSplunk:8089

Use the -uri parameter to specify the host you'll be configuring. The protocol must be http or https, depending on whether or not SSL is enabled on the Splunkd port. SSL is enabled by default, so you'll probably want to use https. 8089 is the default management port, so use this unless you've configured a different management port.

The only caveat to this feature is that if you're logged into your Splunk server via splunk login, you will have to re-authenticate when sending commands to the remote server (and once again when you resume targeting your local server by leaving off -uri). Workarounds include using the -auth parameter or the SPLUNK_USERNAME and SPLUNK_PASSWORD environment variables.
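The following is an added example, not part of the Splunk documentation: a Python wrapper for calling the CLI remotely from application code. It checks the -uri target and supplies credentials through SPLUNK_USERNAME and SPLUNK_PASSWORD, so the password stays out of the argument list, where -auth would place it. The helper names and the assumption that the splunk binary is on PATH are hypothetical.

```python
import os
import subprocess
from urllib.parse import urlsplit

DEFAULT_MGMT_PORT = 8089  # default management port, per the text above


def build_remote_call(args, uri, username, password, allow_http=False):
    """Return (argv, env) for a remote CLI call; nothing is executed here."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https"):
        raise ValueError("protocol must be http or https")
    if parts.scheme == "http" and not allow_http:
        # Plain http would carry the login to splunkd unencrypted.
        raise ValueError("refusing http; pass allow_http=True if SSL is off")
    if not parts.hostname or "@" in parts.netloc or parts.path not in ("", "/"):
        raise ValueError("uri must be scheme://host[:port] only")
    if any(a in ("-uri", "-auth") for a in args):
        raise ValueError("-uri and -auth are set by this helper, not the caller")
    host = parts.hostname  # urlsplit lowercases the host name
    if ":" in host:        # IPv6 literal: restore the brackets
        host = f"[{host}]"
    port = parts.port or DEFAULT_MGMT_PORT
    argv = ["splunk", *args, "-uri", f"{parts.scheme}://{host}:{port}"]
    # Credentials go only into the child's environment, never into argv.
    env = dict(os.environ, SPLUNK_USERNAME=username, SPLUNK_PASSWORD=password)
    return argv, env


def run_remote(args, uri, username, password, timeout=60):
    """Run the CLI command remotely; raises CalledProcessError on failure."""
    argv, env = build_remote_call(args, uri, username, password)
    # argv is a list and no shell is involved, so parameters are not re-parsed.
    return subprocess.run(argv, env=env, capture_output=True, text=True,
                          timeout=timeout, check=True)
```

For the command shown earlier, call run_remote(["add", "monitor", "/var/log"], "https://CorpSplunk:8089", user, password) with credentials read from your own secret store.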

This documentation applies to the following versions of Splunk: 4.3

