Splunk® Enterprise

Admin Manual

Download manual as PDF

Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Get help with the CLI

This topic discusses how to access Splunk's built-in CLI help reference, which contains information about the CLI commands and how to use them. This topic also briefly discusses the universal parameters, which are parameters that you can use with any CLI command.

Access CLI help reference

If you need to find a CLI command or syntax for a CLI command, use Splunk's built-in CLI help reference.

To start, you can access the default help information with the help command:

./splunk help

This will return a list of objects to help you access more specific CLI help topics, such as administrative commands, clustering, forwarding, licensing, searching, etc.

Universal parameters

Some commands require that you authenticate with a username and password, or specify a target host or app. For these commands you can include one of the universal parameters: auth, app, or uri.

[command] [object] [-parameter <value> | <value>]... [-uri][-auth]
Parameter Description
app specify the App or namespace to run the command; for search, defaults to the Search App.
auth specify login credentials to execute commands that require you to be logged in.
owner specify the owner/user context associated with an object; if not specified, defaults to the currently logged in user.
uri excute a command on any specified (remote) Splunk server.

auth

If a CLI command require authentication, Splunk will prompt you to supply the username and password. You can also use the -auth flag to pass this information inline with the command. The auth parameter is also useful if you need to run a command that requires different permissions to execute than the currently logged-in user has.

Note: auth must be the last parameter specified in a CLI command argument.

Syntax:

./splunk command object [-parameter value]... -auth username:password

uri

If you want to run a command on a remote Splunk server, use the -uri flag to specify the target host.

Syntax:

./splunk command object [-parameter value]... -uri specified-server

Specify the target Splunk server with the following format:

[http|https]://name_of_server:management_port

Both IPv4 and IPv6 formats are supported for specifying an IP address, for example: 127.0.0.1:80 or "[2001:db8::1]:80". By default, splunkd listens on IPv4 only. To enable IPv6 support, refer to the instructions in "Configure Splunk for IPv6".


Example: The following example returns search results from the remote "splunkserver" on port 8089.

./splunk search "host=fflanda error 404 *.gif" -auth admin -uri https://splunkserver:8089

Note: For more information about the CLI commands you can run on a remote server, see the next topic in this chapter.

Useful help topics

When you run the default Splunk CLI help, you will see these objects listed.

CLI help for commands

You can use the CLI for administrative functions such as adding or editing inputs, updating configuration settings, and searching. If you want to see the list of administrative CLI commands type in:

./splunk help commands

These commands are discussed in more detail in "CLI admin commands" in this manual.

CLI help for search

You can also use the CLI to run both historical and real-time searches. Access the help page about Splunk search with:

./splunk help search

Also, use objects search-commands, search-fields, and search-modifiers to access the respective help descriptions and syntax:

./splunk help search-commands ./splunk help search-fields ./splunk help search-modifiers

Note: The Splunk CLI interprets spaces as breaks. Use dashes between multiple words for topic names that are more than one word.

For details on syntax for searching your data with the CLI, refer to "About CLI searches" and "Syntax for CLI searches" in the Search Reference Manual.

PREVIOUS
About the CLI
  NEXT
CLI admin commands

This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters