Developing Dashboards, Views, and Apps for Splunk Web

 


CLI for search

This documentation does not apply to the most recent version of Splunk.

Note: this page has not been fully updated for 3.0.


The command-line search API supports the same syntax as the Splunk box, with additional parameters.


Actions

Default Argument

Parameters

where range is n items returned from the full results. Example:


splunk search 404 -get sources::0-9

returns the first 10 sources from the specified search.


Example

splunk search -get hosts "smtp NOT success hoursago::1"

By default only 100 events are returned when a search is done from the CLI. This can be changed by adding maxresults:: to your search. For large searches, we recommend you use the "raw" output type to reduce memory usage.


splunk search -output rawevents "meta::all minutesago::120 maxresults::100000" 

This documentation applies to the following versions of Splunk: 3.0, 3.0.1, 3.0.2, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4.

