sc - Splunk Client
sc [--host <host>] [--port <port>] [--login <login>] [--password <password>] [--insecure] <subcommand> [<arguments>,...]
This is remote client for Splunk log search engine based upon WWW::Splunk. It is currently quite limited in capabilities, but intended and designed to be extended in future.
|--host <host>||Sets remote server to connect to. Defaults to localhost.|
|--port <port>||Sets port of remote server to connect to. Defaults to 8089. Please note that this is the management port, not the WWW interface port.|
|--login <login>||User name of the user to connect to Splunk as. Defaults to admin. The defaults for username and password will probably (hopefully?) not suit your configuration.|
|--password <password>||Password of the user to connect to Splunk as. Defaults to changeme.|
|--insecure||Tolerate SSL errors.|
|<subcommand> [<arguments>]||Subcommand to run. Currently defined is just search.|
search [-t|--since <time>] [-T|--until <time>] [-f|--format compact|long|raw] <search string>Conduct a search, output the raw log data as they are looked up. Terminate when the search is finished.
|-t, --since <time>||Cut off at given time. The time specification is any string understood by Date::Manip. Most common formats apply as well as human-readable relative time specifications (see EXAMPLES).
Defaults to unlimited.
|-T, --until <time>||Do not look for entries newer than given time. The format of the time specification is the same as for --since option.
If this or --since is
|-f, --format compact|long|raw||Switch output format style.|
|sc --host splunk.example.net --login user --password s1kr3t2 search --since ’2 days ago’ --until yesterday ’network AND error | head 10’||Perform a simple search query limited by given time frame.|
|sc search --since ’rt-30’ ’source=/var/log/httpd/access_log |stats count by http_status_code’||Perform a simple real-time search.|