About the CLI
Contents
About the CLI
You can use Splunk's command line interface (CLI) to monitor, configure, and execute searches on your Splunk server. The CLI help exists in the product and is accessible through a terminal or shell interface. This topic discusses how to access this information and what commands are available.
How to access the CLI
Splunk's CLI is located in $SPLUNKHOME/bin/splunk.
To access Splunk CLI, you need either:
- Shell access to a Splunk server, or
- Permission to access the correct port on a remote Splunk server.
If you have administrator or root privileges you can simplify CLI access by adding the top level directory of your Splunk installation to your shell path. The $SPLUNK_HOME variable refers to the top level directory. Set a SPLUNK_HOME environment variable and add $SPLUNK_HOME/bin to your shell's path.
This example works for Linux/BSD/Solaris users who installed Splunk in the default location:
# export SPLUNK_HOME=/opt/splunk # export PATH=$SPLUNK_HOME/bin:$PATH
This example works for Mac users who installed splunk in the default location:
# export SPLUNK_HOME=/Applications/Splunk # export PATH=$SPLUNK_HOME/bin:$PATH
Now you can invoke CLI commands using:
./splunk <command>
CLI help documentation
If you have administrator privileges, you can use the CLI not only to search but also to configure and monitor your Splunk server (or servers). The CLI commands used for configuring and monitoring Splunk are not search commands. Search commands are arguments to the search and dispatch CLI commands. Some commands require you to authenticate with a username and password or specify a target Splunk server.
You can look up help information for the CLI using:
./splunk help
For more information about how to access help for specific CLI commands or tasks, see "Get help with the CLI" and "Administrative CLI commands" in this manual.
Note for Mac users
Mac OS X requires you to have superuser level access to run any command that accesses system files or directories. Run CLI commands using sudo or "su -" for a new shell as root. The recommended method is to use sudo. (By default the user "root" is not enabled but any administrator user can use sudo.)
Working with the CLI on Windows
To access and use CLI commands on Windows, run cmd.exe as administrator first. Also, If you're using Windows, Splunk does not require the "./" to run CLI commands.
Answers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has around using the CLI.
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 , 5.0.3 View the Article History for its revisions.
Comments
Logan, i recommend you try the User Manual to get some ideas:
http://www.splunk.com/base/Documentation/latest/User/
tell Splunk to index some data, and then run a search for * in the Search app to see the events
How do you use splunk? So far all the technical docs just tell you what you can do. I would like to know how to check that what I have configured actually works. a step by step guide with basic examples would be nice.
http://docs.splunk.com/Documentation/Splunk/5.0.2/Admin/AbouttheCLI#How_to_access_the_CLI
^ that talks about setting up the "$PATH" then goes on to say "./splunk"
It should probably instead say to "hash -r" then invoke as "splunk"