CLI admin commands
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
CLI admin commands
This topic contains information on using the Splunk CLI to perform administrative functions.
For more information:
- For general information, see "Get help with the CLI".
- For details on syntax for searching using the CLI, refer to "About CLI searches" in the Search Reference Manual.
Splunk CLI command syntax
The general syntax for a CLI command is this:
./splunk <command> [<object>] [[-<parameter>] <value>]...
Note the following:
- Some commands don't require an object or parameters.
- Some commands have a default parameter that can be specified by its value alone.
Commands and objects
A command is an action that you can perform. An object is something you perform an action on.
Here is a list of the supported commands and the objects they can act upon:
command objects for the command
add [exec|forward-server|index|licenser-pools|licenses|
monitor|oneshot|saved-search|search-server|tcp|udp|user]
anonymize source
clean [eventdata|globaldata|userdata|all]
create app
disable [app|deploy-client|deploy-server|discoverable|
dist-search|index|listen|local-index|boot-start|
webserver|web-ssl]
edit [app|exec|forward-server|index|licenser-localslave|licenses|
monitor|saved-search|search-server|tcp|udp|user]
enable [app|deploy-client|deploy-server|discoverable|
dist-search|index|listen|local-index|boot-start|
webserver|web-ssl]
display [app|deploy-server|discoverable|dist-search|index|
jobs|listen|local-index|boot-start|webserver|web-ssl]
export,import [eventdata|userdata]
find logs
help NONE
list [deploy-clients|exec|forward-server|index|licenser-groups|
licenser-localslave|licenser-messages|licenser-pools|licenser-slaves|
licenser-stacks|licenses|jobs|monitor|saved-search|search-server|
source|sourcetype|tcp|udp|user]
login,logout NONE
package app
refresh deploy-clients
reload [auth|deploy-server]
remove [app|exec|forward-server|jobs|licenser-pools|licenses|
monitor|saved-search|search-server|source|sourcetype|tcp|udp|user]
search NONE
set [datastore-dir|deploy-poll|default-hostname|default-index|
minfreemb|servername|splunkd-port|web-port]
show [config|datastore-dir|deploy-poll|default-hostname|
default-index|jobs|minfreemb|servername|
splunkd-port|web-port]
spool NONE
start,stop,restart [monitor|splunkd|splunkweb]
status [monitor|splunkd|splunkweb]
This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 View the Article History for its revisions.
Comments
so, its now mid 2012, and splunk still has yet to fully document CLI!?? i think they are not doing so because it makes them more money on support contracts.
This helps:
http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs#Use_the_CLI
more information about the commands, please. whats the syntax of splunk add monitor .... for example?
links!
This is really, really inadequate documentation!
the CLI commands are fully documented via their own help system, as well as within the topics related to specific actions, such as http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs#Use_the_CLI
refer to http://docs.splunk.com/Documentation/Splunk/latest/Admin/GethelpwiththeCLI for information on getting help on CLI commands.