sc (1) Linux Manual Page
sc – Splunk Client
Synopsis
sc [--host <host>] [--port <port>] [--login <login>] [--password <password>] [--insecure] <subcommand> [<arguments>,…]
Description
This is a remote client for the Splunk log search engine, based upon WWW::Splunk. It is currently quite limited in capabilities, but is intended and designed to be extended in the future.
Options
- --host <host>
- Sets remote server to connect to. Defaults to localhost.
- --port <port>
- Sets port of remote server to connect to. Defaults to 8089. Please note that this is the management port, not the WWW interface port.
- --login <login>
- User name of the user to connect to Splunk as. Defaults to admin. The defaults for username and password will probably (hopefully?) not suit your configuration.
- --password <password>
- Password of the user to connect to Splunk as. Defaults to changeme.
- --insecure
- Tolerate SSL errors.
- <subcommand> [<arguments>]
- Subcommand to run. Currently defined is just search.
Commands
search [-t|--since <time>] [-T|--until <time>] [-f|--format compact|long|raw] <search string>
Conduct a search, output the raw log data as they are looked up. Terminate when the search is finished.
- -t, --since <time>
- Cut off at given time. The time specification is any string understood by Date::Manip. Most common formats apply as well as human-readable relative time specifications (see EXAMPLES).
Use "rt" for real-time search, optionally with a specification of the search window, such as "rt-10" for a 10-second window, or "rt-1m" for one minute.
Defaults to unlimited.
- -T, --until <time>
- Do not look for entries newer than given time. The format of the time specification is the same as for the --since option.
If this or --since is "rt", a real-time search is conducted.
- -f, --format compact|long|raw
- Switch output format style.
Examples
- sc --host splunk.example.net --login user --password s1kr3t2 --since '2 days ago' --until yesterday search 'network AND error | head 10'
- Perform a simple search query limited by given time frame.
- sc --since 'rt-30' search 'source=/var/log/httpd/access_log |stats count by http_status_code'
- Perform a simple real-time search.
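An added example, not part of sc or its manual page: a shell function that checks the arguments of an sc invocation (for instance one found in a script or cron job) against the options documented above, reporting use of --insecure, reliance on the default admin/changeme credentials, and a password passed on the command line. The finding labels are made up for this example, and the long options are assumed to be typed with two ASCII hyphens.

```shell
#!/bin/sh
# Added example: lint the arguments of one sc invocation.
# Options and defaults come from this page; the labels are invented here.
# Only the space-separated "--option value" form shown on the page is handled.
sc_lint() (
    insecure=0 pw_in_argv=0
    login=admin password=changeme        # documented defaults
    while [ $# -gt 0 ]; do
        case "$1" in
            --insecure) insecure=1 ;;
            --login)    if [ $# -gt 1 ]; then login=$2; shift; fi ;;
            --password) pw_in_argv=1
                        if [ $# -gt 1 ]; then password=$2; shift; fi ;;
            # Options that take a value: skip the value so it is not
            # mistaken for another option.
            --host|--port|--since|--until|--format|-t|-T|-f)
                        if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done
    if [ "$insecure" -eq 1 ]; then
        echo "insecure-tls: --insecure tolerates SSL errors"
    fi
    if [ "$login" = admin ]; then
        echo "default-login: connecting as the default user admin"
    fi
    if [ "$pw_in_argv" -eq 1 ]; then
        echo "password-in-argv: --password value is visible in the process list"
    fi
    if [ "$password" = changeme ]; then
        echo "default-password: password is the default changeme"
    fi
)

# The two invocations from the Examples section of this page.
sc_lint --host splunk.example.net --login user --password s1kr3t2 \
    --since '2 days ago' --until yesterday search 'network AND error | head 10'
sc_lint --since 'rt-30' search \
    'source=/var/log/httpd/access_log |stats count by http_status_code'
```

The first call reports only password-in-argv; the second, which passes no credentials, reports both default-credential findings.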
See Also
WWW::Splunk, WWW::Splunk::API
Authors
Lubomir Rintel, <lkundrak [at] v3.sk>
The code is hosted on GitHub <http://github.com/lkundrak/perl-WWW-Splunk>. Bug fixes and feature enhancements are always welcome.
