Releases: nlink-jp/splunk-cli
v2.1.0
Highlights
Adds an opt-in --prepend flag (and [splunk] prepend config field) for controlling how splunk-cli wraps your SPL before submission. Default behavior is unchanged. Three modes:
| Mode | When `search` is added | Notes |
|---|---|---|
| `pipe-only` (default) | unless input starts with `\|` | Historical behavior; backward compatible. |
| `auto` | unless input starts with `\|` or with the `search` command (followed by whitespace / EOF) | Convenient for pasting from Splunk Web. Does not detect macros that expand to a leading command — use `off` for that. |
| `off` | never | Caller supplies a complete SPL. |
Precedence: CLI flag > config file > built-in default (pipe-only).
```
# per-invocation
splunk-cli run --prepend auto --spl 'search index=foo | stats count'

# or persisted in ~/.config/splunk-cli/config.toml
[splunk]
prepend = "auto"
```

Closes #4.
Internal
The auto-prepend logic moved into the new internal/spl package as a pure Wrap(spl, mode) helper with table-driven tests. The Splunk client now delegates to it instead of inlining the rule. No observable change at the default mode.
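The three `--prepend` modes as an added sketch in Go; this is not the project's `internal/spl` code. `wrapSPL` and `startsWithSearch` are hypothetical names, and trimming surrounding whitespace and matching `search` case-sensitively are assumptions.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// startsWithSearch reports whether s begins with the command word "search"
// followed by whitespace or end of input, so "searchfoo=1" does not match.
// Assumption: the match is case-sensitive.
func startsWithSearch(s string) bool {
	if !strings.HasPrefix(s, "search") {
		return false
	}
	rest := s[len("search"):]
	return rest == "" || strings.IndexFunc(rest, unicode.IsSpace) == 0
}

// wrapSPL (hypothetical name) applies one of the three documented modes.
// Assumption: surrounding whitespace is trimmed before the prefix check.
func wrapSPL(spl, mode string) (string, error) {
	s := strings.TrimSpace(spl)
	var keep bool // true when the input is submitted without a prefix
	switch mode {
	case "pipe-only":
		keep = strings.HasPrefix(s, "|")
	case "auto":
		keep = strings.HasPrefix(s, "|") || startsWithSearch(s)
	case "off":
		keep = true
	default:
		return "", fmt.Errorf("unknown prepend mode %q", mode)
	}
	if keep {
		return s, nil
	}
	return "search " + s, nil
}

func main() {
	// Constructed input: SPL pasted with its leading "search" command.
	for _, mode := range []string{"pipe-only", "auto", "off"} {
		out, _ := wrapSPL("search index=foo | stats count", mode)
		fmt.Printf("%-9s -> %s\n", mode, out)
	}
}
```

Under `pipe-only` the pasted query comes out with a doubled `search search` prefix, which is the case `auto` avoids; a macro-led query still gets the prefix under `auto`, matching the table's note.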
Downloads
All darwin variants are Developer ID signed and Apple-notarized. No xattr -d com.apple.quarantine workaround needed.
| Asset | Platform |
|---|---|
| splunk-cli-v2.1.0-darwin-universal.zip | macOS (Intel + Apple Silicon) |
| splunk-cli-v2.1.0-darwin-amd64.zip | macOS (Intel only) |
| splunk-cli-v2.1.0-darwin-arm64.zip | macOS (Apple Silicon only) |
| splunk-cli-v2.1.0-linux-amd64.zip | Linux x86_64 |
| splunk-cli-v2.1.0-linux-arm64.zip | Linux ARM64 |
| splunk-cli-v2.1.0-windows-amd64.zip | Windows x86_64 |
v2.0.4 — Developer ID signed + Apple notarized darwin builds (incl. universal)
Summary
Darwin builds are now Apple Developer ID Application signed and Apple-notarized, adopting the org-wide convention defined in nlink-jp/.github CONVENTIONS.md §Code Signing. End users on macOS no longer need to bypass Gatekeeper with right-click → Open or xattr -d com.apple.quarantine on first launch — the binary is trusted by the OS out of the box.
v2.0.3 was tagged without binary assets; v2.0.4 restores binary release artifacts (last seen in v2.0.2) with proper signing, notarization, and versioned filenames.
Added
- `package` Makefile target — builds 5 platforms + darwin-universal, signs darwin builds (incl. universal), zips each with README.md, notarizes the 3 darwin zips.
Changes
- feat(build): Developer ID codesigning and Apple notarization — `make package` signs all darwin variants with a Developer ID Application certificate and notarizes the resulting zips via `xcrun notarytool`. No personal identifiers, certificates, or credentials are committed; builds without local cert/profile fall back gracefully.
- Release zip filenames now embed the version: `splunk-cli-vX.Y.Z-<os>-<arch>.zip`.
Verifying the signature
```
codesign -dv splunk-cli
spctl --assess --type install --context context:primary-signature splunk-cli
```

No behaviour change to the binary itself — feature-wise this is identical to v2.0.3.
v2.0.3
Fixed
- Skip config file permission check on Windows/NTFS — NTFS always reports mode 0666 regardless of ACL settings, causing a spurious warning on every command (#1)
- Document NTFS ACL-based alternative (`icacls`) for securing config files on Windows
- Environment variables (`SPLUNK_TOKEN`, etc.) remain the recommended approach on Windows
v2.0.2
Added
- Integration tests against a live Splunk instance (`//go:build integration`). Covers: full search lifecycle, limit, empty results, cancel, invalid SPL, and search-prefix behaviour.
- `scripts/splunk-up.sh` / `scripts/splunk-down.sh`: start and stop a Splunk container via Podman for local integration testing.
- `make integration-test` / `make splunk-up` / `make splunk-down` Makefile targets.
Documentation
- `BUILD.md` rewritten with current build, test, and release instructions including integration test setup.
- `README.md` development section updated with current Makefile targets.
v2.0.1
Bug Fixes
- Resource leak in pagination: `resp.Body` was deferred inside the results loop, preventing response bodies from being closed until the entire `Results()` call returned. Extracted `fetchResultsPage()` helper to fix this.
- Null results JSON: empty result sets marshalled as `{"results": null}` instead of `{"results": []}`. Fixed with `make([]json.RawMessage, 0)`.
- Double `GetJobStatus` call: `run` and `results` commands each called `GetJobStatus`, and `Results()` called it again internally. `Results()` now accepts `totalResults int` from the caller, eliminating the redundant API round-trip.
Lint
- All `golangci-lint` warnings resolved (errcheck, staticcheck ST1005, unused).
v2.0.0
Breaking Changes
- Config format changed: JSON → TOML. Rename `~/.config/splunk-cli/config.json` to `config.toml` and update the format. See config.example.toml for the new structure.
- Module path: `github.com/nlink-jp/splunk-cli` (transferred from `magifd2/splunk-cli`).
What's New
- CLI framework migrated to Cobra
- Config file permission check (warns if group/world-readable)
- Warning when sending token over unencrypted HTTP
- Unit tests for config loading and API client
- Makefile aligned with cli-series conventions
Commands and flags are unchanged: run, start, status, results.
See CHANGELOG.md for full details.
v1.4.0
[1.4.0] - 2025-08-28
Changed
- Implemented pagination for result fetching to correctly handle large result sets that exceed the API's single-request limit. This ensures that `--limit 0` fetches all results and that `--limit` values greater than 50,000 are respected.
v1.3.0
v1.2.1
v1.2.0
[1.2.0] - 2025-08-14
Changed
- Major Refactoring: The entire codebase has been refactored for better modularity, testability, and maintainability.
  - Core Splunk API interaction logic has been extracted into a new `splunk` package.
  - Command-line interface (CLI) logic has been separated into a new `cmd` package, with each command in its own file.
  - The main application entrypoint (`splunk-cli.go`) is now significantly simplified.