Is it possible to use the oneshot command from a remote server.
Essentially we have a series of logs that are not able to be accessed by a forwarder in the normal ways (because of permissions etc.) is it possible to use the oneshot function to get the logs into a remote indexer using the CLI?
asked 03 Aug '10, 00:22
No. Invoking the oneshot command (
However, if you're able to use the CLI from the machine where the data is stored, then you must have an instance of Splunk there. This instance could certainly be set up as a forwarder with outputs to the indexer, and no inputs. You can then call oneshot locally, and it would forward the data. I guess I don't really see a normal situation where you'd be able to use the CLI locally but not be able to forward.
Of course if it is oneshot, you can always just copy the files over to the indexer using some other method (scp, sftp, whatever) and then oneshot them or place them in the batch directory.
answered 03 Aug '10, 00:33