Recycling is universally considered to be a good thing, right?

Good. Then that means that we at Splunk are obligated to play play beer pong every Friday! I figure that with all the bottles and cans that subsequently go into the recycling bin, we’re probably offsetting a small percentage of the many computers we use here… amirite?

If you disagree, you can voice your opinions in person. See you here Friday at 5PM. ;)

Lots of things are said here that are… hmm, what’s the word… inappropriate? disgusting? TMI? omgwtfbbq?

My boss just told me, “Amrit, I have a camera on my computer. And when I’m at home, anytime you want, I can turn on the camera and you can watch.”

There was more, but I think my ears reflexively closed in on themselves.

:/

It’s a little known (mainly because it’s undocumented) fact that it is possible to use the Splunk CLI to manage remote Splunk servers. This capability has been built into the product since version 2.1, and allows one to do things such as remotely manage data inputs, run searches, manage users, etc. For fairly obvious reasons, this cannot be done with commands that require Splunkd to be stopped.

The syntax is simple:

/opt/splunk/bin/splunk <command> [<subcommand>] <params> -uri https://my2ndSplunkBox:8089

The key here is the -uri parameter, which instructs the PCL to send all SOAP requests to the specified server. There are 3 pieces to the parameter: protocol, host, and port.

The protocol must be one of http or https, depending on whether or not SSL is enabled on the Splunkd port. Most users will want the latter, as recent versions of Splunk enable SSL on this port by default.

The second part is the hostname or IP address of the host that the remote Splunk server is running on. This should need no real explanation - in this case, the remote server has the hostname my2ndSplunkBox.

The last part of the argument is the Splunkd port (aka the management port). Note that this is not the port that’s used to reach the web interface, but the port that Splunkd listens on for incoming SOAP requests. If you’re unsure of what this port is, try the default, which is 8089. Alternatively, splunk show splunkd-port will display the Splunkd port that the current server is listening on.

As a practical example, one can add a tailed data input on the /var/log directory of host my2ndSplunkBox with the following command:

splunk add tail /var/log -uri https://my2ndSplunkBox:8089

The only caveat to this feature is that if you’re logged into your Splunk server via splunk login, you will have to re-authenticate when sending commands to the remote server (and once again when

Well, I guess I had to start “blogging” eventually…

Hi, I’m Amrit, the main CLI (Command Line Interface) and PCL (Python Control Layer) guy here at Splunk. This means that I maintain our more common bash scripts (bin/splunk & friends), and our Python support scripts (site-packages/splunk/clilib/), which do the heavy lifting for a number of CLI & Web UI features.

These aren’t the only things I work on, but they are the parts of the Splunk codebase that have consumed most of my time since starting here in December 2005. I should also mention that Ivan Tam (no blog.. yet..?), who now works on the SplunkWeb UI, helped write the first implementation of the PCL during mid-2006.

Every now and then I’ll post some tips & tricks related to the things I’m working on, which you’ll hopefully find useful.

KTHXBAI