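#!/bin/bash
#######################################################
# spsearch - a simple command line Splunk search tool
#            that searches Splunk for a pattern
#
# By Kirk Waingrow 8/08
#
# Syntax: spsearch "pattern"
#
# If pattern is left blank, spsearch displays the
# last 10 searches and lets you type a search
# pattern in.
#
# Environment (optional):
#   SPSEARCH_LOCAL_AUTH   user:password for the local splunkd
#   SPSEARCH_REMOTE_AUTH  user:password for the remote searcher
#######################################################
set -u

me=$(whoami)

if [ "$me" != "root" ]; then
  echo
  echo "***"
  echo "*** ATTENTION: You must know the Production root password to run this"
  echo "***"
  echo
fi

TMP="/tmp"
SPLUNK="/opt/splunk/bin/splunk"
rserver="root@searcher0001.els1.myspacecdn.com"
HISTORY_FILE="$TMP/spsearch.txt.$me"

# NOTE(review): the defaults below are the credentials this script has always
# carried. They live in a readable script and are passed via -auth on the
# command line, so they show up in process listings on both hosts. Override
# them through the environment and replace the defaults on the Splunk side.
LOCAL_AUTH="${SPSEARCH_LOCAL_AUTH:-splunk:admin}"
REMOTE_AUTH="${SPSEARCH_REMOTE_AUTH:-admin:admin}"

# Decide once, at start-up, whether a splunkd process is visible locally.
# pgrep -f matches any command line containing "splunkd", like the
# ps | grep pipeline it replaces.
if pgrep -f splunkd >/dev/null 2>&1; then
  local_splunk=1
else
  local_splunk=0
fi

#######################################
# Wrap a string in single quotes so a POSIX shell reads it back as exactly
# one literal word (embedded single quotes become '\'').
# Arguments: $1 - string to quote
# Outputs:   the quoted string on stdout
#######################################
shell_quote() {
  local sq="'"
  local esc="'\\''"
  printf "'%s'" "${1//$sq/$esc}"
}

#######################################
# Create or validate the per-user history file.
# The file has a predictable name in a shared directory, so anything that is
# a symlink, not a regular file, or not owned by the caller is rejected
# instead of being written through.
# Globals:   HISTORY_FILE (read), me (read)
# Returns:   0 if the history file is safe to use, 1 otherwise
#######################################
init_history() {
  if [ -e "$HISTORY_FILE" ] || [ -L "$HISTORY_FILE" ]; then
    if [ -L "$HISTORY_FILE" ] || [ ! -f "$HISTORY_FILE" ] || [ ! -O "$HISTORY_FILE" ]; then
      echo "spsearch: not using $HISTORY_FILE (not a regular file owned by $me)" >&2
      return 1
    fi
  else
    # noclobber makes the redirection fail if the name appears between the
    # check above and the create; umask keeps the new file private.
    if ! ( umask 077; set -o noclobber; : > "$HISTORY_FILE" ) 2>/dev/null; then
      echo "spsearch: cannot create $HISTORY_FILE, history disabled" >&2
      return 1
    fi
  fi
  # Search strings can be sensitive; the file was previously mode 777.
  chmod 600 -- "$HISTORY_FILE"
}

#######################################
# Record the pattern and run the search, locally when splunkd was found at
# start-up, otherwise over ssh on $rserver.
# Globals:   pattern, HISTORY_FILE, local_splunk, SPLUNK, rserver,
#            LOCAL_AUTH, REMOTE_AUTH (all read)
#######################################
search_splunk() {
  local remote_cmd

  if [ -n "$HISTORY_FILE" ]; then
    printf '%s\n' "$pattern" >> "$HISTORY_FILE"
  fi

  if [ "$local_splunk" -eq 1 ]; then
    "$SPLUNK" dispatch "$pattern" -auth "$LOCAL_AUTH"
  else
    echo
    echo "[ ...Searching Splunk Remotely on $rserver... ] "
    echo
    # ssh joins its arguments and hands them to the remote login shell, which
    # here runs as root. The pattern is user input, so it must arrive as one
    # literal word; double quotes alone would still let the remote shell
    # expand $(...), backticks and embedded quotes.
    remote_cmd="$SPLUNK dispatch $(shell_quote "$pattern") -auth $(shell_quote "$REMOTE_AUTH")"
    ssh "$rserver" "$remote_cmd"
  fi
  #echo; echo -n "Hit [enter] to continue :"; read dummy
  echo
}

#######################################
# Show the last 10 recorded searches, if there is a usable history file.
# Globals:   HISTORY_FILE (read)
#######################################
prevcom() {
  if [ -n "$HISTORY_FILE" ] && [ -f "$HISTORY_FILE" ]; then
    echo "Previous Searches:"
    echo "------------------"
    tail -n 10 -- "$HISTORY_FILE"
  fi
}

#######################################
# Display a Splunk command prompt, read one pattern and search for it.
# Globals:   pattern (written)
# Returns:   0 after a search, 1 when stdin is exhausted
#######################################
splunk_prompt() {
  prevcom
  echo
  printf 'Enter Splunk Search >'
  # -r keeps backslashes in the search string; a failed read means EOF, which
  # would otherwise spin the prompt loop forever.
  if ! read -r pattern; then
    echo
    return 1
  fi
  search_splunk
  return 0
}

# Searching still works without history, so a rejected file only disables it.
init_history || HISTORY_FILE=""

if [ -n "${1:-}" ]; then
  pattern="$1"
  search_splunk
else
  while splunk_prompt; do
    :
  done
fi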