How Splunk Uses the CLI
This documentation does not apply to the most recent version of Splunk.
Splunk's command line interface (CLI) provides most of the functionality of the splunkweb GUI, except for a few graphically oriented features such as plotting Events by Time. It also adds several administrative controls, such as starting and stopping the server. Most commands use the same SOAP API calls used by splunkweb. Additional commands work directly through the local Unix operating system.
Most operations take the form:
# splunk [action] [context] [default argument] -parameter
Each command takes its action from one of the following sets:
- [ add, edit, remove, list ]
- [ enable, disable, list ]
- [ set ]
- [ search ]
- [ login, logout ]
Examples
Below are a few examples of typical commands. Each How-to section includes more specific examples. A formal and complete listing of Splunk command line syntax is in the TK.
Search
# splunk search hoursago::1 sourcetype::linux_messages_syslog NOT success
Login
# splunk login melissa:s33kr1t
Data Input
# splunk add tail /var/log/ -liveonly true
Users
# splunk add user -username algore -full-name "Al Gore" -password pa55word -auth admin:changeme
Splunk-2-Splunk
# splunk enable receive
Summary
# splunk summary sources -sort most-events
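The Login and Users examples above put passwords on the command line, where they typically end up in shell history and are visible in the process list while the command runs. The following script is an added example, not part of the Splunk documentation: it scans command lines (for instance a shell history file) for the three credential-bearing forms used above and prints each hit with the secret redacted. The function names are hypothetical and the sample input is constructed from the commands on this page.

```shell
#!/bin/sh
# Added example, not Splunk code: find Splunk CLI command lines that carry
# a password in their arguments and print them with the secret redacted.

# Constructed sample history, built from the commands shown on this page.
sample_history() {
  cat <<'EOF'
splunk search hoursago::1 sourcetype::linux_messages_syslog NOT success
splunk login melissa:s33kr1t
splunk add tail /var/log/ -liveonly true
splunk add user -username algore -full-name "Al Gore" -password pa55word -auth admin:changeme
splunk enable receive
EOF
}

# Read command lines on stdin; print "<line number>:<command>" for each splunk
# invocation that uses "login user:pass", "-auth user:pass" or "-password value".
# Values are matched as a bare word or a double-quoted string.
flag_inline_creds() {
  grep -n '' | sed -n -E '
    /(^|[[:space:]:]|\/)splunk[[:space:]]/!b
    s/(splunk[[:space:]]+login[[:space:]]+[^[:space:]:]+):[^[:space:]]+/\1:<redacted>/
    s/(-auth[[:space:]]+[^[:space:]:]+):("[^"]*"|[^[:space:]]+)/\1:<redacted>/g
    s/(-password[[:space:]]+)("[^"]*"|[^[:space:]]+)/\1<redacted>/g
    t hit
    b
    :hit
    p
  '
}

# Number of command lines with an inline credential.
count_inline_creds() {
  flag_inline_creds | wc -l | tr -d ' '
}

# Scan the file given as $1 (e.g. a shell history file), or the sample input.
if [ -n "${1:-}" ]; then
  flag_inline_creds < "$1"
else
  sample_history | flag_inline_creds
fi
```

Any password the script flags has been exposed on that host and is a candidate for rotation.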
This documentation applies to the following versions of Splunk: 2.1, 2.2, 2.2.1, 2.2.3, 2.2.6