Splunk Enterprise

Admin Manual

Download manual as PDF

NOTE - Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

CLI admin commands

This topic contains information on using the Splunk CLI to perform administrative functions.

For more information:

Splunk CLI command syntax

The general syntax for a CLI command is this:

./splunk <command> [<object>] [[-<parameter>] <value>]...

Note the following:

  • Some commands don't require an object or parameters.
  • Some commands have a default parameter that can be specified by its value alone.

Commands and objects

A command is an action that you can perform. An object is something you perform an action on.

Here is a list of the supported commands and the objects they can act upon:

    command               objects for the command

    add                   [exec|forward-server|index|licenser-pools|licenses|

    anonymize             source

    clean                 [eventdata|globaldata|userdata|all]

    create                app
    disable               [app|deploy-client|deploy-server|discoverable|

    edit                  [app|exec|forward-server|index|licenser-localslave|licenses|

    enable                [app|deploy-client|deploy-server|discoverable|

    display               [app|deploy-server|discoverable|dist-search|index|

    export,import         [eventdata|userdata]

    find                  logs 

    help                  NONE

    list                  [deploy-clients|exec|forward-server|index|licenser-groups|

    login,logout          NONE

    package               app
    refresh               deploy-clients
    reload                [auth|deploy-server]

    remove                [app|exec|forward-server|jobs|licenser-pools|licenses|

    search                NONE

    set                   [datastore-dir|deploy-poll|default-hostname|default-index|

    show                  [config|datastore-dir|deploy-poll|default-hostname|
    spool                 NONE

    start,stop,restart    [monitor|splunkd|splunkweb]

    status                [monitor|splunkd|splunkweb]

Get help with the CLI
Use the CLI to administer a remote Splunk server

This documentation applies to the following versions of Splunk: 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7 View the Article History for its revisions.


the CLI commands are fully documented via their own help system, as well as within the topics related to specific actions, such as http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs#Use_the_CLI <br /><br />refer to http://docs.splunk.com/Documentation/Splunk/latest/Admin/GethelpwiththeCLI for information on getting help on CLI commands.

Rachel, Splunker
September 23, 2012

so, its now mid 2012, and splunk still has yet to fully document CLI!?? i think they are not doing so because it makes them more money on support contracts.

July 10, 2012

This helps:<br /><br />http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs#Use_the_CLI

Jterry, Splunker
March 7, 2012

more information about the commands, please. whats the syntax of splunk add monitor .... for example?<br />links!

October 18, 2011

This is really, really inadequate documentation!

April 8, 2011

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole
Feedback you enter here will be delivered to the documentation team

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters