Documentation > Splunk > Admin Manual > commands.conf

Admin Manual

 


About the Splunk Admin Manual
How Splunk Works
Getting Started
Data Inputs
Data Distribution
Indexing
Timestamps
Fields
Hosts
Source Types
Event Types
Transaction Types
Search
Distributed Search
Alerts
Security
Data Management
Deployment Server
Performance Tuning
Configuration Files
Applications
Reference
Troubleshooting

commands.conf

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

commands.conf

Use this file to create custom search commands.


commands.conf.spec 

# Copyright (C) 2005-2008 Splunk Inc.  All Rights Reserved.  Version 3.0 
#
# This file contains possible attribute/value pairs for creating search commands for 
# any custom search scripts created.  Add your custom search script to $SPLUNK_HOME/etc/searchscripts/
# or $SPLUNK_HOME/apps/MY_APP/bin/.  For the latter, put a custom commands.conf in 
# $SPLUNK_HOME/apps/MY_APP.  For the former, put your custom commands.conf 
# in $SPLUNK_HOME/etc/system/local/.
# There is a commands.conf in $SPLUNK_HOME/etc/system/default/.  For examples, see 
# commands.conf.example.  You must restart Splunk to enable configurations.
# To learn more about configuration files (including precedence) please see the documentation 
# located at http://www.splunk.com/base/Documentation/latest/Admin/HowDoConfigurationFilesWork.
[$STANZA_NAME]
	* Each stanza represents a search command; the command is the stanza name.
	* The stanza name invokes the command in the search language.
	* Set the following attributes/values for the command.  Otherwise, Splunk uses the defaults.
type = <string>
	* Type of script: python, perl
	* Defaults to python.
filename = <string>
	* Name of script file for command.
	* <stanza-name>.pl for perl.
	* <stanza-name>.py for python.
streaming = <true/false>
	* Is the command streamable.
	* Defaults to false.
	
maxinputs = <integer>
	* Maximum number of events that can be passed to the command for each invocation.
	* 0 for no limit.
	* Defaults to 50000.
passauth = <true/false>
	* If set to true, passes an authentication token on the start of input.
	* Defaults to false.
	
enableheader = <true/false>
	* Indicate whether or not your script is expecting header information or not.
	* Currently, the only thing in the header information is an auth token.
	* Defaults to true.

commands.conf.example 

# Copyright (C) 2005-2008 Splunk Inc.  All Rights Reserved.  Version 3.0 
# This is an example commands.conf.  Use this to configure custom search commands.
#
# To use one or more of these configurations, copy the configuration block into commands.conf 
# in $SPLUNK_HOME/etc/system/local/.  You must restart Splunk to enable configurations.
# To learn more about configuration files (including precedence) please see the documentation 
# located at http://www.splunk.com/base/Documentation/latest/Admin/HowDoConfigurationFilesWork.
# NOTE: Add your custom search script to $SPLUNK_HOME/etc/searchscripts/
# or $SPLUNK_HOME/apps/MY_APP/bin/.  For the latter, put a custom commands.conf in 
# $SPLUNK_HOME/apps/MY_APP/.  For the former, put your custom commands.conf 
# in $SPLUNK_HOME/etc/system/local/.
[foo]
FILENAME = foo.pl
type = perl
[black_smoke]
FILENAME = black_smoke.py
Retrieved from "http://docs.splunk.com/Documentation/Splunk/3.4.10/Admin/Commandsconf"

This documentation applies to the following versions of Splunk: 3.3 , 3.3.1 , 3.3.2 , 3.3.3 , 3.3.4 , 3.4 , 3.4.1 , 3.4.2 , 3.4.3 , 3.4.5 , 3.4.6 , 3.4.8 , 3.4.9 , 3.4.10 , 3.4.11 , 3.4.12 , 3.4.13 , 3.4.14 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!