🖥️splunk
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember. This cheatsheet explains the splunk command with important options and switches using examples.
# ███████╗██████╗ ██╗ ██╗ ██╗███╗ ██╗██╗ ██╗
# ██╔════╝██╔══██╗██║ ██║ ██║████╗ ██║██║ ██╔╝
# ███████╗██████╔╝██║ ██║ ██║██╔██╗ ██║█████╔╝
# ╚════██║██╔═══╝ ██║ ██║ ██║██║╚██╗██║██╔═██╗
# ███████║██║ ███████╗╚██████╔╝██║ ╚████║██║ ██╗
# ╚══════╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝
# indexes we have
index="network_dhcp" dest_ip=10.16.238.62
index="security_symantec" Security risk found
index="network_proxy_cisco" src_ip=XX.xx
index="network_proxy_cisco" 192.168.0.0
index="network_firewall_cisco" 195.....
index="network_wlc_cisco" 195.....
#network_api_user
9kg9y-EtaZBcqHti_ykz
# Usage is described here:
https://docs.splunk.com/Documentation/SplunkCloud/8.0.0/RESTUM/RESTusing
# First you need to obtain a session key, which is temporarily valid for one hour:
curl -k https://splunk.lxu.io:8089/services/auth/login --data-urlencode username=network_api_user --data-urlencode password=
# The following commands can then be run with the session key included in the header:
curl -k -H "Authorization: Splunk <session-key>" ...
# One is run as follows:
curl -k -H "Authorization: Splunk <session_key>" https://splunk.lxu.io:8089/services/search/jobs/export -d search="search index=network_dhcp earliest=-5m | stats count"
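# Store the session key in a shell variable; the login response is XML, so extract the <sessionKey> element:
SESSIONKEY=$(curl -sk https://splunk.lxu.io:8089/services/auth/login --data-urlencode username=network_api_user --data-urlencode password=5xgOy-EtaZTcqHti_ZkY | sed -n 's:.*<sessionKey>\(.*\)</sessionKey>.*:\1:p')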
curl -k -H "Authorization: Splunk $SESSIONKEY" https://splunk.lxu.io:8089/services/search/jobs/export -d search="search index=network_dhcp earliest=-5m | stats count"
curl -k -H "Authorization: Splunk $SESSIONKEY" https://splunk.lxu.io:8089/services/search/jobs/export -d search="search index=network_proxy_cisco earliest=-5m | top dest limit=50"
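# Added example (not part of the original cheatsheet): the two-step login and export flow above as shell functions that keep the password and session key out of the process list and shell history.
# Assumptions: the password is supplied in an environment variable named SPLUNK_PASSWORD (hypothetical name), curl is 7.55.0 or newer (for -H @-), and the sample response is constructed.

```shell
#!/bin/sh
# Host taken from the commands above; function names are illustrative.
SPLUNK_URL="https://splunk.lxu.io:8089"

# Constructed sample of the XML body returned by /services/auth/login.
SAMPLE_LOGIN_RESPONSE='<response>
  <sessionKey>CONSTRUCTED_SESSION_KEY_0123</sessionKey>
</response>'

# Print the <sessionKey> value from a login response body.
# Returns 1 when the element is missing (e.g. the login was rejected),
# so a failed login never yields an empty "Authorization: Splunk " header.
extract_session_key() {
    key=$(printf '%s' "$1" | tr -d '\n' |
        sed -n 's:.*<sessionKey>\([^<]*\)</sessionKey>.*:\1:p')
    [ -n "$key" ] || return 1
    printf '%s\n' "$key"
}

# splunk_login USER
# The password is piped to curl on stdin (password@-) instead of being
# written on the command line, where ps and shell history would expose it.
splunk_login() {
    body=$(printf '%s' "$SPLUNK_PASSWORD" |
        curl -sS -k "$SPLUNK_URL/services/auth/login" \
            --data-urlencode "username=$1" \
            --data-urlencode "password@-") || return 1
    extract_session_key "$body"
}

# splunk_export SESSION_KEY 'search index=... | ...'
# The Authorization header is read from stdin (-H @-) for the same reason.
splunk_export() {
    printf 'Authorization: Splunk %s\n' "$1" |
        curl -sS -k -H @- "$SPLUNK_URL/services/search/jobs/export" \
            --data-urlencode "search=$2"
}

# -k (as used above) disables TLS certificate verification; with the
# server's CA certificate at hand, replace -k with --cacert <ca-file>.
#
# Usage:
#   SESSIONKEY=$(splunk_login network_api_user) || exit 1
#   splunk_export "$SESSIONKEY" 'search index=network_dhcp earliest=-5m | stats count'
```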
#==============================##==============================#
# CMD SPLUNK #
#==============================##==============================#
Cheatsheets are an excellent complement to other information sources like Linux man-pages, Linux help, or How-To’s and tutorials, as they provide compact and easily accessible information. While man-pages and detailed tutorials often contain comprehensive explanations and extensive guides, cheatsheets summarize the most important options for the command splunk in a clear format. This allows users to quickly access the needed information for splunk without having to sift through lengthy texts. Especially in stressful situations or for recurring tasks, cheatsheets for splunk are a valuable resource to work efficiently and purposefully.