Documentation > Splunk > Admin Manual > commands.conf

Admin Manual

 


Welcome
What to do first
Start Splunk
Meet Splunk Web and Splunk Apps
Before you configure
Add data and configure inputs
Indexing and event processing
Timestamps
Add and manage users
Manage indexes
Define alerts
Set up backups and retention policies
Configure data security
Set up forwarding and receiving
Deploy to other Splunk instances
Set up distributed search
Manage search jobs
Use Splunk's command line interface (CLI)
Configuration file reference
Troubleshooting

commands.conf

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

commands.conf

The following are the spec and example files for commands.conf.

commands.conf.spec

# Copyright (C) 2005-2010 Splunk Inc.  All Rights Reserved.  Version 4.0 
#
# This file contains possible attribute/value pairs for creating search commands for 
# any custom search scripts created.  Add your custom search script to $SPLUNK_HOME/etc/searchscripts/
# or $SPLUNK_HOME/apps/MY_APP/bin/.  For the latter, put a custom commands.conf in 
# $SPLUNK_HOME/apps/MY_APP.  For the former, put your custom commands.conf 
# in $SPLUNK_HOME/etc/system/local/.

# There is a commands.conf in $SPLUNK_HOME/etc/system/default/.  For examples, see 
# commands.conf.example.  You must restart Splunk to enable configurations.

# To learn more about configuration files (including precedence) please see the documentation 
# located at http://www.splunk.com/base/Documentation/latest/Admin/Aboutconfigurationfiles


[$STANZA_NAME]
	* Each stanza represents a search command; the command is the stanza name.
	* The stanza name invokes the command in the search language.
	* Set the following attributes/values for the command.  Otherwise, Splunk uses the defaults.

type = <string>
	* Type of script: python, perl
	* Defaults to python.

filename = <string>
	* Name of script file for command.
	* <stanza-name>.pl for perl.
	* <stanza-name>.py for python.

streaming = <true/false>
	* Is the command streamable.
	* Defaults to false.
	
maxinputs = <integer>
	* Maximum number of events that can be passed to the command for each invocation.
	* 0 for no limit.
	* Defaults to 50000.

passauth = <true/false>
	* If set to true, passes an authentication token on the start of input.
	* Defaults to false.

run_in_preview = <true/false>
	* Run this command if we generating results just for preview rather than final output?
	* Defaults to true
       	
enableheader = <true/false>
	* Indicate whether or not your script is expecting header information or not.
	* Currently, the only thing in the header information is an auth token.
	* If set to true it will expect as input a head section + '\n' then the csv input
	* NOTE: Should be set to true if you use splunk.Intersplunk
	* Defaults to true.

retainsevents = <true/false>
	* Does command retain events?
		* e.g. sort/dedup/cluster.
	* Or does it transform them 
		e.g. stats.
	* Defaults to false.

generating = <true/false>
	* Does your command generate new events
		* eg if the no events are passed to the command, will it generate events?
	* Defaults to false.

generates_timeorder = <true/false>
        * If generating = true, does command generate events in descending time order (latest first)
	* Defaults to false.

overrides_timeorder = <true/false>
        * If generating = false, does command change the order of events with respect to time
	* Defaults to true.

requires_preop
	* require pre-streaming operations
	* Defaults to false.

streaming_preop = <string>
	* A string that denotes the requested pre-streaming search string.

supports_multivalues = <true/false>
	* Does command support multivalues.  If true, multivalues will be treated as python lists of strings instead of a flat string (when using Intersplunk to interpret stdin/stdout)
	     
supports_getinfo = <true/false>
	* Does the command support dynamic probing for settings via the first argument 
	being invoked == __GETINFO__ or __EXECUTE__.

commands.conf.example

# Copyright (C) 2005-2010 Splunk Inc.  All Rights Reserved.  Version 4.0 
#
# Configuration for external search commands
#

##############
# defaults for all external commands, exceptions are below in individual stanzas

# type of script: 'python', 'perl'
TYPE = python
#default FILENAME would be <stanza-name>.py for python, <stanza-name>.pl for perl and <stanza-name> otherwise

# is command streamable?
STREAMING = false

# maximum data that can be passed to command (0 = no limit)
MAXINPUTS = 50000

# end defaults
#####################

[crawl]
FILENAME = crawl.py

[createrss]
FILENAME = createrss.py

[diff]
FILENAME = diff.py

[gentimes]
FILENAME = gentimes.py

[head]
FILENAME = head.py

[iplocation]
FILENAME = iplocation.py

[loglady]
FILENAME = loglady.py

[marklar]
FILENAME = marklar.py

[runshellscript]
FILENAME = runshellscript.py

[sendemail]
FILENAME = sendemail.py

[translate]
FILENAME = translate.py

[transpose]
FILENAME = transpose.py

[uniq]
FILENAME = uniq.py

[windbag]
filename = windbag.py
supports_multivalues = true

[xmlkv]
FILENAME = xmlkv.py

[xmlunescape]
FILENAME = xmlunescape.py
Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0/Admin/Commandsconf"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!