Use the CLI to administer a remote Splunk Enterprise instance
You can use the
uri parameter with any CLI command to send that command to another Splunk Enterprise instance and view the results on your local server.
This topic discusses:
- Syntax for using the
- CLI commands that you cannot use remotely.
Note: Remote CLI access is disabled by default for the admin user until you have changed its default password.
Enable remote access
If you are running Splunk Free (which has no login credentials), remote access is disabled by default until you've edited
$SPLUNK_HOME/etc/system/local/server.conf and set the value:
add oneshot command works on local instances but cannot be used remotely.
For more information about editing configuration files, refer to About configuration files in this manual.
Send CLI commands to a remote server
The general syntax for using the
uri parameter with any CLI command is:
./splunk command object [-parameter <value>]... -uri <specified-server>
specified-server is formatted as:
name_of_server can be the fully resolved domain name or the IP address of the remote Splunk Enterprise instance.
uri value is the
mgmtHostPort value that you defined in
web.conf on the remote Splunk Enterprise instance. For more information, see the web.conf reference in this manual.
Search a remote instance
The following example returns search results from the remote "splunkserver".
./splunk search "host=fflanda error 404 *.gif" -uri https://splunkserver:8089
For details on syntax for searching using the CLI, refer to About CLI searches in the Search Reference Manual.
View apps installed on a remote instance
The following example returns the list of apps that are installed on the remote "splunkserver".
./splunk display app -uri https://splunkserver:8089
Change your default URI value
You can set a default URI value using the SPLUNK_URI environment variable. If you change this value to be the URI of the remote server, you do not need to include the
uri parameter each time you want to access that remote server.
To change the value of SPLUNK_URI, type either:
$ export SPLUNK_URI=[http|https]://name_of_server:management_port # For Unix shells C:\> set SPLUNK_URI=[http|https]://name_of_server:management_port # For Windows shell
For the examples above, you can change your SPLUNK_URI value by typing:
$ export SPLUNK_URI=https://splunkserver:8089
CLI commands you cannot run remotely
With the exception of commands that control the server, you can run all CLI commands remotely. These server control commands include:
- Start, stop, restart
- Status, version
You can view all CLI commands by accessing the CLI help reference. See Get help with the CLI in this manual.
Administrative CLI commands
Customize the CLI login banner
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2