Admin Manual

 


Use Splunk's command line interface (CLI)

Get help with the CLI

This documentation does not apply to the most recent version of Splunk.

This topic discusses how to access Splunk's built-in CLI help reference, which contains information about the CLI commands and how to use them. This topic also briefly discusses the universal parameters, which are parameters that you can use with any CLI command.

Access CLI help reference

If you need to find a CLI command or syntax for a CLI command, use Splunk's built-in CLI help reference. You can access the default help information with the help command:

./splunk help

Splunk returns:

Welcome to Splunk's Command Line Interface (CLI).  

Type these commands for more help:

    help simple, cheatsheet    display a list of common commands with syntax
    help commands              display a full list of CLI commands
    help [command]             type a command name to access its help page
    help [object]              type an object name to access its help page
    help [topic]               type a topic keyword to get help on a topic
    help datastore             manage Splunk's local filesystem use
    help distributed           manage distributed configurations such as
                               data cloning, routing, and distributed search
    help forwarding            manage deployments
    help input, inputs         manage data inputs
    help control, controls     tools to start, stop, manage Splunk processes
    help settings              manage settings for your Splunk server
    help tools                 tools to help your Splunk server
    help training              train Splunk to recognize dates, source
                               types, or fields      
    help search                help with Splunk CLI searches 


Syntax:

    [command] [object] [-parameter <value> | <value>]... [-uri][-auth]


  Universal Parameters:

    The app, auth, and uri parameters are usable by any command.  Type "splunk help 
    [app|auth|uri]" for details on each parameter.
                 

    app        specify the App or namespace to run the command; for search,
               defaults to the Search App
    auth       specify login credentials to execute commands that require 
               you to be logged in
    uri        execute a command on any specified Splunk server
                 


For the list of all CLI commands, type:

./splunk help commands

Or, access the help page about Splunk search commands with:

./splunk help search-commands

For more information, see "CLI admin commands" in this manual. For details on syntax for searching your data with the CLI, refer to "About CLI Searches" in the Search Reference Manual.

Note: The topic name "search-commands" uses a dash (-) between "search" and "commands" because the Splunk CLI interprets spaces as breaks. Use dashes between the words of any topic name that is more than one word.

Universal parameters

Some commands require that you authenticate with a username and password, or specify a target host or app. For these commands you can include one of the universal parameters: auth, app, or uri.

auth

If a CLI command requires authentication, Splunk will prompt you to supply the username and password. You can also use the -auth flag to pass this information inline with the command. The auth parameter is also useful if you need to run a command that requires different permissions than the currently logged-in user has.

Note: auth must be the last parameter specified in a CLI command argument.

Syntax:

./splunk command object [-parameter value]... -auth username:password 

uri

If you want to run a command on a remote Splunk server, use the -uri flag to specify the target host.

Syntax:

./splunk command object [-parameter value]... -uri specified-server

Specify the target Splunk server with the following format:

[http|https]://name_of_server:management_port

Example: The following example returns search results from the remote "splunkserver" on port 8089.

./splunk search "host=fflanda error 404 *.gif" -auth admin -uri https://splunkserver:8089

Note: For more information about the CLI commands you can run on a remote server, see the next topic in this chapter.
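
A wrapper that enforces the rules in this section before running a remote command, as an added example that is not part of the Splunk manual: it checks the -uri value against the format above, refuses a non-TLS http:// target unless ALLOW_HTTP=1, and places -auth last with a user name only, so that no password ends up in shell history or the process list. The names valid_splunk_uri, splunk_remote, SPLUNK_BIN and ALLOW_HTTP are assumptions; IPv6 literals are not handled.

```shell
# Added example, not Splunk's own code. Function and variable names are assumptions.

# valid_splunk_uri URI: succeed only for [http|https]://name_of_server:management_port
# (host: letters, digits, dot, hyphen; port 1-65535; no path, no user@, no IPv6 literal).
valid_splunk_uri() {
    case $1 in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    _rest=${1#*://}
    _host=${_rest%:*}
    _port=${_rest##*:}
    [ "$_host" != "$_rest" ] || return 1    # no ":port" present
    case $_host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $_port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$_port" -ge 1 ] && [ "$_port" -le 65535 ]
}

# splunk_remote URI USER COMMAND [ARG...]
# Runs the CLI as: COMMAND ARG... -uri URI -auth USER (auth last, as the page requires).
splunk_remote() {
    [ $# -ge 3 ] || { echo "usage: splunk_remote URI USER COMMAND [ARG...]" >&2; return 5; }
    _uri=$1 _user=$2
    shift 2
    valid_splunk_uri "$_uri" || { echo "bad -uri value: $_uri" >&2; return 2; }
    case $_uri in
        http://*)   # no TLS on the management connection
            [ "${ALLOW_HTTP:-0}" = 1 ] || { echo "refusing http:// target" >&2; return 3; } ;;
    esac
    # User name only, as in the page's remote-search example: an inline
    # username:password would be recorded in shell history and shown by ps.
    case $_user in
        ''|*:*) echo "pass a user name only to -auth" >&2; return 4 ;;
    esac
    "${SPLUNK_BIN:-./splunk}" "$@" -uri "$_uri" -auth "$_user"
}

# Dry run with the page's example values: echo prints the command line
# that would be passed to ./splunk instead of executing it.
SPLUNK_BIN=echo
splunk_remote https://splunkserver:8089 admin search "host=fflanda error 404 *.gif"
```

Unset SPLUNK_BIN (or point it at the real binary) to execute the command instead of printing it.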

This documentation applies to the following versions of Splunk: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8.


Comments

For the list of all CLI commands, type:
./splunk help commands

This will list all the commands, then you can get help for each command via its own help text.

Rachel
April 11, 2011

Where's the list of parameters for every command? Wherever it is, why the heck isn't it linked in this page?

Tgfurnish
April 8, 2011
