因為 Splunk CLI 一樣需樣登入
所以可以先在 Script 檔案中預先輸入帳號、密碼
|
1 2 |
export SPLUNK_USERNAME=帳號 export SPLUNK_PASSWORD=密碼 |
然後在下 Splunk 的登入、查詢等指令
|
1 2 |
/opt/splunk/bin/splunk login /opt/splunk/bin/splunk search 'index=_internal source=*metrics.log group=per_index_thruput NOT (series=_* OR series=*summary) starttime=02/07/2013:00:00:00 | timechart span=1d sum(eval(kb/1024)) AS "MB indexed" by series | fields + main | fields - _* | outputcsv test_usage.csv' |
這邊主要是將結果輸出到 test_usage.csv ,預設存放路徑為 “/opt/splunk/var/run/splunk/” (檔案格式為CSV)
並且輸出欄位僅留下 “main”
順帶一提的是 Splunk CLI 指令中不能包含常用的 Script 變數
所以可以先用 Script 將變數搭配 Splunk 指令輸出到一個文字檔中
再去執行該文字檔,下面是個例子
|
1 2 |
/bin/sh /tmp/test_usage.sh > /tmp/test_usage2.sh /bin/sh /tmp/test_usage2.sh |
而第一個 Script 檔案要注意保留字元的部分
|
1 2 3 4 5 6 |
/bin/echo "export SPLUNK_USERNAME=帳號" /bin/echo "export SPLUNK_PASSWORD=密碼" /bin/echo "/opt/splunk/bin/splunk login" /bin/echo "/opt/splunk/bin/splunk search 'index=_internal source=*metrics.log group=per_index_thruput NOT (series=_* OR series=*summary) starttime=$(date '+%m/%d/%Y'):00:00:00 | timechart span=1d sum(eval(kb/1024)) AS "MB indexed" by series | fields + main | fields - _* | outputcsv test_usage.csv'" /bin/echo "/bin/echo "已使用額度"" /bin/echo "/bin/echo $(/bin/sed '1d;s/^.//;s/.$//' /opt/splunk/var/run/splunk/test_usage.csv)" |