Admin Manual

 


Use Splunk's command line interface (CLI)

CLI admin commands

CLI admin commands

This topic contains information on using administrative commands via the Splunk CLI.


  Splunk CLI command syntax: 

    ./splunk [command] [object] [-parameter <value>]...

    * Some commands don't require an object or parameters.
    * Some commands have a default parameter that can be specified by its 
      value alone.

  Commands and objects:

    * A command is an action that you can perform.
    * An object is something you perform an action on. 

  Supported commands and objects:

    [command]             [objects]

    add                   [exec|forward-server|index|licenser-pools|licenses|
                          monitor|oneshot|saved-search|search-server|tcp|udp|user]

    anonymize             source

    clean                 [eventdata|globaldata|userdata|all]

    create                app
 
    disable               [app|deploy-client|deploy-server|discoverable|
                          dist-search|index|listen|local-index|boot-start|
                          webserver|web-ssl]

    edit                  [app|exec|forward-server|index|licenser-localslave|licenses|
                          monitor|saved-search|search-server|tcp|udp|user]

    enable                [app|deploy-client|deploy-server|discoverable|
                          dist-search|index|listen|local-index|boot-start|
                          webserver|web-ssl]

    display               [app|deploy-server|discoverable|dist-search|index|
                          jobs|listen|local-index|boot-start|webserver|web-ssl]

    export,import         [eventdata|userdata]

    find                  logs 

    help                  NONE

    list                  [deploy-clients|exec|forward-server|index|licenser-groups|
                          licenser-localslave|licenser-messages|licenser-pools|licenser-slaves|
                          licenser-stacks|licenses|jobs|monitor|saved-search|search-server|
                          source|sourcetype|tcp|udp|user]

    login,logout          NONE

    package               app
 
    refresh               deploy-clients
 
    reload                [auth|deploy-server]

    remove                [app|exec|forward-server|jobs|licenser-pools|licenses|
                          monitor|saved-search|search-server|source|sourcetype|tcp|udp|user]

    search                NONE

    set                   [datastore-dir|deploy-poll|default-hostname|default-index|
                          minfreemb|servername|splunkd-port|web-port]

    show                  [config|datastore-dir|deploy-poll|default-hostname|
                          default-index|jobs|minfreemb|servername|
                          splunkd-port|web-port]
 
    spool                 NONE

    start,stop,restart    [monitor|splunkd|splunkweb]

    status                [monitor|splunkd|splunkweb]

This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.


Comments

This helps:

http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs#Use_the_CLI

Jterry, Splunker
March 7, 2012

more information about the commands, please. whats the syntax of splunk add monitor .... for example?
links!

Berndg
October 18, 2011

This is really, really inadequate documentation!

Tgfurnish
April 8, 2011

You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!