sc - Splunk Client
sc [--host <host>] [--port <port>] [--login <login>] [--password <password>] [--insecure] <subcommand> [<arguments>,...]
This is a remote client for the Splunk log search engine, based upon WWW::Splunk. It is currently quite limited in capabilities, but is intended and designed to be extended in the future.
- --host <host>
Sets remote server to connect to. Defaults to localhost.
- --port <port>
Sets port of remote server to connect to. Defaults to 8089. Please note that this is the management port, not the WWW interface port.
- --login <login>
User name of the user to connect to Splunk as. Defaults to admin. The defaults for username and password will probably (hopefully?) not suit your configuration.
- --password <password>
Password of the user to connect to Splunk as. Defaults to changeme.
- --insecure
Tolerate SSL errors.
- <subcommand> [<arguments>]
Subcommand to run. Currently, only search is defined.
Conduct a search and output the raw log data as they are looked up. Terminate when the search is finished.
- -t, --since <time>
rt for real time search, optionally with specification of the search window, such as rt-10 for a 10-second window, or rt-1m for one minute.
Defaults to unlimited.
- -T, --until <time>
Do not look for entries newer than given time. The format of the time specification is the same as for --since option.
If this or --since is rt, a real-time search is conducted.
- -f, --format compact|long|raw
Switch output format style.
- sc --host splunk.example.net --login user --password s1kr3t2 search --since '2 days ago' --until yesterday 'network AND error | head 10'
Perform a simple search query limited by given time frame.
- sc search --since 'rt-30' 'source=/var/log/httpd/access_log |stats count by http_status_code'
Perform a simple real-time search.
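The options above document fallback credentials (admin, changeme) and an --insecure switch. As an added example that is not part of sc or WWW::Splunk, the hypothetical sc_audit function below checks an sc command line for reliance on them before it goes into a script or cron job; it assumes the space-separated option form shown in the synopsis.

```shell
#!/bin/sh
# Added example, not part of sc: sc_audit is a hypothetical pre-flight check.
# It inspects an sc argument list (space-separated option form only, as in
# the synopsis) without running sc and prints one "CODE: reason" line per finding.
sc_audit() (
    have_login=no have_password=no password= insecure=no
    while [ $# -gt 0 ]; do
        case $1 in
            --host|--port) shift ;;                  # flag dropped here, value below
            --login)       have_login=yes; shift ;;
            --password)    have_password=yes; password=${2-}; shift ;;
            --insecure)    insecure=yes ;;
            --*)           ;;                        # any other global option
            *)             break ;;                  # subcommand: stop parsing
        esac
        if [ $# -gt 0 ]; then shift; fi              # drop the value (or a bare flag)
    done
    if [ "$have_login" = no ]; then
        echo "DEFAULT_LOGIN: no --login given, sc connects as admin"
    fi
    if [ "$have_password" = no ] || [ "$password" = changeme ]; then
        echo "DEFAULT_PASSWORD: sc would authenticate with changeme"
    fi
    if [ "$insecure" = yes ]; then
        echo "INSECURE_TLS: --insecure makes sc tolerate SSL errors"
    fi
)

# The page's real-time example passes no global options, so it relies on every default.
sc_audit search --since 'rt-30' 'source=/var/log/httpd/access_log |stats count by http_status_code'
```

An empty result means none of the three conditions applies to the command line.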
The project's code is hosted on GitHub at http://github.com/tupinek/perl-WWW-Splunk. Bug fixes and feature enhancements are always welcome.