Get help with the CLI
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Get help with the CLI
This topic discusses how to access Splunk's built-in CLI help reference, which contains information about the CLI commands and how to use them. This topic also briefly discusses the universal parameters, which are parameters that you can use with any CLI command.
Access CLI help reference
If you need to find a CLI command or syntax for a CLI command, use Splunk's built-in CLI help reference.
To start, you can access the default help information with the
This will return a list of objects to help you access more specific CLI help topics, such as administrative commands, clustering, forwarding, licensing, searching, etc.
Some commands require that you authenticate with a username and password, or specify a target host or app. For these commands you can include one of the universal parameters:
[command] [object] [-parameter <value> | <value>]... [-uri][-auth]
|app||specify the App or namespace to run the command; for search, defaults to the Search App.|
|auth||specify login credentials to execute commands that require you to be logged in.|
|owner||specify the owner/user context associated with an object; if not specified, defaults to the currently logged in user.|
|uri||excute a command on any specified (remote) Splunk server.|
If a CLI command require authentication, Splunk will prompt you to supply the username and password. You can also use the
-auth flag to pass this information inline with the command. The
auth parameter is also useful if you need to run a command that requires different permissions to execute than the currently logged-in user has.
auth must be the last parameter specified in a CLI command argument.
./splunk command object [-parameter value]... -auth username:password
If you want to run a command on a remote Splunk server, use the
-uri flag to specify the target host.
./splunk command object [-parameter value]... -uri specified-server
Specify the target Splunk server with the following format:
Both IPv4 and IPv6 formats are supported for specifying an IP address, for example: 127.0.0.1:80 or "[2001:db8::1]:80". By default, splunkd listens on IPv4 only. To enable IPv6 support, refer to the instructions in "Configure Splunk for IPv6".
Example: The following example returns search results from the remote "splunkserver" on port 8089.
./splunk search "host=fflanda error 404 *.gif" -auth admin -uri https://splunkserver:8089
Note: For more information about the CLI commands you can run on a remote server, see the next topic in this chapter.
Useful help topics
When you run the default Splunk CLI help, you will see these objects listed.
CLI help for commands
You can use the CLI for administrative functions such as adding or editing inputs, updating configuration settings, and searching. If you want to see the list of administrative CLI commands type in:
./splunk help commands
These commands are discussed in more detail in "CLI admin commands" in this manual.
CLI help for search
You can also use the CLI to run both historical and real-time searches. Access the help page about Splunk search with:
./splunk help search
Also, use objects
search-modifiers to access the respective help descriptions and syntax:
./splunk help search-commands ./splunk help search-fields ./splunk help search-modifiers
Note: The Splunk CLI interprets spaces as breaks. Use dashes between multiple words for topic names that are more than one word.