About the CLI

About the CLI

You can use the Splunk CLI to monitor, configure, and execute searches on your Splunk server. Your Splunk role configuration dictates what actions (commands) you can execute. Most actions require you to be a Splunk administrator.

How to access the CLI

To access Splunk CLI, you need either:

• Shell access to a Splunk server, or
• Permission to access the correct port on a remote Splunk server.

If you have administrator or root privileges you can simplify CLI usage by adding the top level directory of your Splunk installation to your shell path. The $SPLUNK_HOME variable refers to the top level directory. Set a SPLUNK_HOME environment variable and add $SPLUNK_HOME/bin to your shell's path.

This example works for Linux/BSD/Solaris users who installed Splunk in the default location:

# export SPLUNK_HOME=/opt/splunk
# export PATH=$SPLUNK_HOME/bin:$PATH

This example works for Mac users who installed splunk in the default location:

# export SPLUNK_HOME=/Applications/Splunk
# export PATH=$SPLUNK_HOME/bin:$PATH

CLI commands

If you have administrator privileges, you can use the CLI not only to search but also to configure and monitor your Splunk server (or servers). The CLI commands used for configuring and monitoring Splunk are not search commands. Search commands are arguments in the search and dispatch CLI commands.

You can find all CLI documentation in the CLI help reference. For the list of CLI commands, type:

./splunk help commands

Or, access the help page about Splunk search commands with:

./splunk help search-commands

For more information, see "Get help with the CLI" in this manual.

Note for Mac users

Mac OS X requires you to have superuser level access to run any command that accesses system files or directories. Run CLI commands using sudo or "su -" for a new shell as root. The recommended method is to use sudo. (By default the user "root" is not enabled but any administrator user can use sudo.)

• Was this topic useful?
• Post a comment