Grunk - Grep/Tail/Cat like access to splunk logs
Ruby
grunk


Grunk is a command-line tool that lets you query a Splunk server using only its REST API. You do not need to have any of the Splunk binaries installed on your machine.

Installation

Requires Ruby >= 1.9.3 and rubygems. Once you have those:

gem install grunk

Configuration

Grunk expects a configuration file in your home directory called .splunkrc, which follows the same format as the splunk-sdk-ruby .splunkrc file.

It should look something like:

{
  :username => '<username>', 
  :password => '<password>',
  :port => '<management port>',
  :host => '<host>',
  :protocol => '<https or http>'
}
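The .splunkrc above is a Ruby hash literal holding a password, so how it is read matters: the file should not be world-readable, and loading it with eval would let anyone who can edit the file run code as you. The following is an added example (not part of grunk or splunk-sdk-ruby) that parses exactly the format shown above with a regular expression instead of eval, checks the required keys and values, and refuses a file whose permissions expose the password. The sample config and its values are constructed for the example.

```ruby
# Added example, not grunk's own code: read the .splunkrc format shown in the
# README without eval, and validate it before it is used for a connection.
require 'tempfile'

REQUIRED_KEYS = %w[username password port host protocol].freeze

# Parse lines of the form  :key => 'value',  into a plain Hash of strings.
# Braces, blank lines and comments are skipped; anything else is an error.
def parse_splunkrc(text)
  config = {}
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#', '{', '}')
    m = line.match(/\A:(\w+)\s*=>\s*(['"])(.*?)\2\s*,?\z/)
    raise ArgumentError, "unparseable .splunkrc line: #{line.inspect}" unless m
    config[m[1]] = m[3]
  end
  config
end

# Reject a config that would fail later in a confusing way.
def validate_splunkrc(config)
  missing = REQUIRED_KEYS - config.keys
  raise ArgumentError, "missing keys: #{missing.join(', ')}" unless missing.empty?
  unless %w[http https].include?(config['protocol'])
    raise ArgumentError, 'protocol must be http or https'
  end
  unless config['port'] =~ /\A\d+\z/ && (1..65_535).cover?(config['port'].to_i)
    raise ArgumentError, 'port must be a number between 1 and 65535'
  end
  config
end

# The file holds a password: refuse it if group or others can read it.
def check_permissions(path)
  mode = File.stat(path).mode & 0o777
  if mode & 0o077 != 0
    raise SecurityError, format('%s is mode %04o; chmod 600 it', path, mode)
  end
  true
end

def load_splunkrc(path = File.join(Dir.home, '.splunkrc'))
  check_permissions(path)
  validate_splunkrc(parse_splunkrc(File.read(path)))
end

# Constructed sample in the README's format (values are placeholders).
SAMPLE_SPLUNKRC = <<~RC
  {
    :username => 'alice',
    :password => 'example-password',
    :port => '8089',
    :host => 'splunk.example.internal',
    :protocol => 'https'
  }
RC

if __FILE__ == $PROGRAM_NAME
  Tempfile.create('splunkrc') do |f|
    f.write(SAMPLE_SPLUNKRC)
    f.flush
    File.chmod(0o600, f.path)
    p load_splunkrc(f.path)
  end
end
```

The regex accepts single- or double-quoted values without an embedded quote of the same kind, which covers the keys the README lists; a password containing such a quote would need escaping the parser does not attempt, so it fails loudly rather than silently truncating the value.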

Usage

grunk <options> <splunk search query>

Grunk accepts the following options:

  • -e A Splunk-style time indicating the earliest time of the search

  • -l A Splunk-style time indicating the latest time of the search

  • -d Display the log timestamp next to each result

  • -o Display the host field next to each result

  • -s Display the source field next to each result

Example

grunk -o 'error OR 404'

Realtime queries work too (you can use grunk like tail -f):

grunk -e rt-10s -f rt 'host=somehost sourcetype=mainlog'
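To make the usage above concrete, here is an added example (not grunk's own implementation) of how the documented options map onto a Splunk REST search-job request and how the -d, -o and -s flags would prefix each result line. The endpoint (/services/search/jobs) and the parameter names (search, earliest_time, latest_time, search_mode, output_mode) are Splunk's documented REST API; that grunk builds its request this way is an assumption, as is treating an "rt" earliest time as a realtime search. The config hash and the sample event are constructed for the example, and the request is built but not sent, so it runs offline.

```ruby
# Added example, not grunk's own code: options -> Splunk REST search request.
require 'optparse'
require 'net/http'
require 'uri'
require 'json'

# Parse the options the README lists; everything left over is the query.
def parse_grunk_args(argv)
  opts = { earliest: nil, latest: nil, time: false, host: false, source: false }
  parser = OptionParser.new do |o|
    o.on('-e EARLIEST') { |v| opts[:earliest] = v }
    o.on('-l LATEST')   { |v| opts[:latest] = v }
    o.on('-d')          { opts[:time] = true }
    o.on('-o')          { opts[:host] = true }
    o.on('-s')          { opts[:source] = true }
  end
  rest = parser.parse(argv.dup)
  [opts, rest.join(' ')]
end

# Form parameters for POST /services/search/jobs. Splunk requires the search
# string to begin with a command, so a bare query gets "search " prepended.
# A Splunk "rt..." earliest time denotes a realtime window (assumption: the
# tail -f style example above works this way), so search_mode is set too.
def search_job_params(opts, query)
  q = query.strip
  q = "search #{q}" unless q.start_with?('search ', '|')
  params = { 'search' => q, 'output_mode' => 'json' }
  params['earliest_time'] = opts[:earliest] if opts[:earliest]
  params['latest_time']   = opts[:latest]   if opts[:latest]
  params['search_mode']   = 'realtime'      if opts[:earliest].to_s.start_with?('rt')
  params
end

# Build the authenticated request without sending it. The password only ever
# travels in the Authorization header, never in the URL or the query.
def build_search_request(config, params)
  uri = URI("#{config['protocol']}://#{config['host']}:#{config['port']}/services/search/jobs")
  req = Net::HTTP::Post.new(uri)
  req.basic_auth(config['username'], config['password'])
  req.set_form_data(params)
  [uri, req]
end

# Prefix each event's _raw text with the fields requested by -d, -o and -s.
def format_event(event, opts)
  prefix = []
  prefix << event['_time']  if opts[:time]
  prefix << event['host']   if opts[:host]
  prefix << event['source'] if opts[:source]
  (prefix + [event['_raw']]).join(' ')
end

# Constructed values standing in for a parsed .splunkrc and one result row.
EXAMPLE_CONFIG = {
  'protocol' => 'https', 'host' => 'splunk.example.internal', 'port' => '8089',
  'username' => 'alice', 'password' => 'example-password'
}.freeze
EXAMPLE_EVENT = {
  '_time' => '2024-01-01T12:00:00.000+00:00', 'host' => 'somehost',
  'source' => '/var/log/mainlog', '_raw' => 'GET /missing HTTP/1.1 404'
}.freeze

if __FILE__ == $PROGRAM_NAME
  opts, query = parse_grunk_args(ARGV.empty? ? ['-o', 'error OR 404'] : ARGV)
  uri, req = build_search_request(EXAMPLE_CONFIG, search_job_params(opts, query))
  puts "POST #{uri}"
  puts req.body
  puts format_event(EXAMPLE_EVENT, opts)
  # To actually run it: Net::HTTP.start(uri.host, uri.port,
  #   use_ssl: uri.scheme == 'https') { |http| http.request(req) }
  # and keep certificate verification on; the management port carries your
  # password, so do not disable verify_mode to work around a bad cert.
end
```

The realtime example from the README passes -f rt, which the option list does not describe, so it is deliberately left out here rather than guessed at; with -e rt-10s alone the request above already carries search_mode=realtime.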