Project

grunk

0.0
No commit activity in last 3 years
No release in over 3 years
grunkbeezly/grunkHomepageDocumentationSource CodeBug TrackerWiki
Command Line interface to Splunk API
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
21,582
Stars
5
Forks
0
Watchers
2
 Releases
Current version
0.0.7
Total releases
7
First release
2012-04-23
Latest release
2013-08-25
 Issues
Open Issues
1
Closed Issues
1
Total Issues
2
Issue Closure Rate
50%
 Development
Primary Language
Ruby
Licenses
GPL-3
Average date of last 50 commits
2012-12-18
Reverse Dependencies
0

 Dependencies

Runtime

getopt
>= 1.3.8
splunk-sdk-ruby
>= 1.0.2
 Project Readme

grunk

Gem Version

Grunk is a tool for Splunk which has enables you to query a Splunk server from the command line using only the REST API. You do not need to have any of the Splunk binaries installed on your machine.

Installation

Requires Ruby >= 1.9.3 and rubygems. Once you have those;

gem install grunk

Configuration

Grunk expects a configuration file in your home directory called .splunkrc which follows the same format as the splunk-sdk-ruby .splunkrc file

It should look something like;

{
  :username => '<username>', 
  :password => '<password>',
  :port => '<management port>',
  :host => '<host>',
  :protocol => '<https or http>'
}

Usage

grunk <options> <splunk search query>

Grunk can accept various options

  • -e A splunk style time indicating the earliest time of the search

  • -l A splunk style time indicating the latest time of the search

  • -d Display the log timestamp next to each result

  • -o Display the host field next to each result

  • -s Display the source field next to each result

Example

grunk -o 'error OR 404'

Realtime queries work too (you can use grunk like tail -f):

grunk -e rt-10s -f rt 'host=somehost sourcetype=mainlog'