Admin Manual

 


Use Splunk's command line interface (CLI)

CLI admin commands

NOTE - Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

CLI admin commands

This topic contains information on using the Splunk CLI to perform administrative functions.

For more information:

Splunk CLI command syntax

The general syntax for a CLI command is this:

./splunk <command> [<object>] [[-<parameter>] <value>]...

Note the following:

  • Some commands don't require an object or parameters.
  • Some commands have a default parameter that can be specified by its value alone.

Commands and objects

A command is an action that you can perform. An object is something you perform an action on.

Here is a list of the supported commands and the objects they can act upon:

    command               objects for the command

    add                   [exec|forward-server|index|licenser-pools|licenses|
                          monitor|oneshot|saved-search|search-server|tcp|udp|user]

    anonymize             source

    clean                 [eventdata|globaldata|userdata|all]

    create                app
 
    disable               [app|deploy-client|deploy-server|discoverable|
                          dist-search|index|listen|local-index|boot-start|
                          webserver|web-ssl]

    edit                  [app|exec|forward-server|index|licenser-localslave|licenses|
                          monitor|saved-search|search-server|tcp|udp|user]

    enable                [app|deploy-client|deploy-server|discoverable|
                          dist-search|index|listen|local-index|boot-start|
                          webserver|web-ssl]

    display               [app|deploy-server|discoverable|dist-search|index|
                          jobs|listen|local-index|boot-start|webserver|web-ssl]

    export,import         [eventdata|userdata]

    find                  logs 

    help                  NONE

    list                  [deploy-clients|exec|forward-server|index|licenser-groups|
                          licenser-localslave|licenser-messages|licenser-pools|licenser-slaves|
                          licenser-stacks|licenses|jobs|monitor|saved-search|search-server|
                          source|sourcetype|tcp|udp|user]

    login,logout          NONE

    package               app
 
    refresh               deploy-clients
 
    reload                [auth|deploy-server]

    remove                [app|exec|forward-server|jobs|licenser-pools|licenses|
                          monitor|saved-search|search-server|source|sourcetype|tcp|udp|user]

    search                NONE

    set                   [datastore-dir|deploy-poll|default-hostname|default-index|
                          minfreemb|servername|splunkd-port|web-port]

    show                  [config|datastore-dir|deploy-poll|default-hostname|
                          default-index|jobs|minfreemb|servername|
                          splunkd-port|web-port]
 
    spool                 NONE

    start,stop,restart    [monitor|splunkd|splunkweb]

    status                [monitor|splunkd|splunkweb]

This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 4.3.7 View the Article History for its revisions.


Comments

the CLI commands are fully documented via their own help system, as well as within the topics related to specific actions, such as http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs#Use_the_CLI

refer to http://docs.splunk.com/Documentation/Splunk/latest/Admin/GethelpwiththeCLI for information on getting help on CLI commands.

Rachel, Splunker
September 23, 2012

so, its now mid 2012, and splunk still has yet to fully document CLI!?? i think they are not doing so because it makes them more money on support contracts.

Drickardtvc
July 10, 2012

This helps:

http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs#Use_the_CLI

Jterry, Splunker
March 7, 2012

more information about the commands, please. whats the syntax of splunk add monitor .... for example?
links!

Berndg
October 18, 2011

This is really, really inadequate documentation!

Tgfurnish
April 8, 2011

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!