/ 
WWW-Splunk-2.05
River stage zero No dependents
1 ++
 / sc
  • 23 Sep 2013 06:37:24 UTC
  • Distribution: WWW-Splunk
  • Source (raw)
  • Browse (raw)
  • Changes
  • How to Contribute
  • Issues (0)
  • Testers (764 / 0 / 0)
  • Kwalitee
  • Bus factor: 1
  • % Coverage
  • License: perl_5
  • Activity
  • 24 month
  • Tools
  • Download (10.4KB)
  • MetaCPAN Explorer
  • Permissions
  • Subscribe to distribution
  • Permalinks
  • This version
  • Latest version

NAME

sc - Splunk Client

SYNOPSIS

sc [--host <host>] [--port <port>] [--login <login>] [--password <password>] [--insecure] <subcommand> [<arguments>,...]

DESCRIPTION

This is remote client for Splunk log search engine based upon WWW::Splunk. It is currently quite limited in capabilities, but intended and designed to be extended in future.

OPTIONS

--host <host>

Sets remote server to connect to. Defaults to localhost.

--port <port>

Sets port of remote server to connect to. Defaults to 8089. Please note that this is the management port, not the WWW interface port.

--login <login>

User name of the user to connect to Splunk as. Defaults to admin. The defaults for username and password will probably (hopefully?) not suit your configuration.

--password <password>

Password of the user to connect to Splunk as. Defaults to changeme.

--insecure

Tolerate SSL errors.

<subcommand> [<arguments>]

Subcommand to run. Currently defined is just search.

COMMANDS

search [-t|--since <time>] [-T|--until <time>] [-f|--format compact|long|raw] <search string>

Conduct a search, output the raw log data as they are looked up. Terminate when the search is finished.

-t, --since <time>

Cut off at given time. The time specification is any string understood by Date::Manip. Most common formats apply as well as human-readable relative time specifications (see EXAMPLES).

Use rt for real time search, optionally with specifcation of the search window, such as rt-10 for 10-second window, or rt-1m for one minute.

Defaults to unlimited.

-T, --until <time>

Do not look for entries newer than given time. The format of the time specification is the same as for --since option.

If this or --since is rt a real-time search is conducted.

-f, --format compact|long|raw

Switch output format style.

EXAMPLES

sc --host splunk.example.net --login user --password s1kr3t2 --since '2 days ago' --until yesterday search 'network AND error | head 10'

Perform a simple search query limited by given time frame.

sc --since 'rt-30' search 'source=/var/log/httpd/access_log |stats count by http_status_code'

Perform a simple real-time search.

SEE ALSO

WWW::Splunk, WWW::Splunk::API

AUTHORS

Lubomir Rintel, <lkundrak@v3.sk>

The code is hosted on GitHub http://github.com/lkundrak/perl-WWW-Splunk. Bug fixes and feature enhancements are always welcome.