About CLI searches
This documentation does not apply to the most recent version of Splunk.
You can use the Splunk CLI to monitor, configure, and execute searches on your Splunk server. This topic discusses how to search from the CLI. If you're looking for how to access the CLI and find help for it, refer to "About the CLI" in the Admin manual.
CLI search syntax
You can run both historical and real-time searches from the Splunk CLI by invoking the search or rtsearch commands, respectively. The syntax for CLI searches is similar to the syntax for searches you run from Splunk Web, except that you can pass parameters outside of the query to control the time limit of the search, tell Splunk which server to run the search on, and specify how Splunk displays results.
- For more information about the CLI search options, see the next topic in this chapter, "CLI search syntax".
- For more information about how to search remote Splunk servers from your local server, see "Access and use the CLI on a remote server" in the Admin manual.
Historical and real-time searches in the CLI work the same way as searches in Splunk Web except that there is no timeline rendered with the search results and there is no default time range. Instead, the results are displayed as a raw events list or a table, depending on the type of search.
- For more information, read "Type of searches" in the Search Overview chapter.
- For more information about real-time searches in the CLI, see "Search and report in real time" in the User manual.
This documentation applies to the following versions of Splunk: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6