All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Running splunk command returns no output

gekoner
Communicator
‎09-19-2011 07:37 PM

V4.1.6 - When running a batch command 'splunk list forwarder-server' as the splunk service, which is running as LocalSystem.
No error are returned, it just doesn't output anything either to the screen or to a file, unless I run the batch as a users with an interactive session.
Other splunk commands run without issue.

Does anyone have a good work around for this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gekoner
Communicator
‎11-08-2011 03:09 PM

This command is not supported from a non-interactive session. You must be logged in as a user to run this command. if I was running my LFC as a user account in the Windows Service this would work. But since Splunk is running as Local System, it doesn't produce any output. This is a security "feature", but the funny thing is other Splunk commands are allowed, so I'm not sure why this and other outputs are not allowed.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gekoner
Communicator
‎11-08-2011 03:09 PM

This command is not supported from a non-interactive session. You must be logged in as a user to run this command. if I was running my LFC as a user account in the Windows Service this would work. But since Splunk is running as Local System, it doesn't produce any output. This is a security "feature", but the funny thing is other Splunk commands are allowed, so I'm not sure why this and other outputs are not allowed.

0 Karma
Reply
Solved! Jump to solution

MBerikcurtis
Path Finder
‎09-20-2011 01:03 PM

using netstat from a command prompt, do you see the forwarder ports open? default is 9997.

0 Karma
Reply
Solved! Jump to solution

gekoner
Communicator
‎09-21-2011 09:18 AM

I see the LFC communicating to the Indexer on 9997 (Foreign Address). I don't see the client listing on 9997 (Local Address). If you thought the issue was that the client isn't communicating to the indexer, that isn't my issue. See my post. It is just this command not producing output, not locally to a file or ECHO to the screen.

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...