Administrative CLI commands

This topic discusses the administrative CLI commands, which are the commands used to manage or configure your Splunk server and distributed deployment.

For information about accessing the CLI and what is covered in the CLI help, see the previous topic, "Get help with the CLI". If you're looking for details about how to run searches from the CLI, refer to "About CLI searches" in the Search Reference Manual.

Your Splunk role configuration dictates what actions (commands) you can execute. Most actions require you to be a Splunk admin. Read more about setting up and managing Splunk users and roles in the "About users and roles" topic in the Admin Manual.

Splunk CLI command syntax

The general syntax for a CLI command is this:

./splunk <command> [<object>] [[-<parameter>] <value>]...

Note the following:

  • Some commands don't require an object or parameters.
  • Some commands have a default parameter that can be specified by its value alone.

Commands and objects

A command is an action that you can perform. An object is something you perform an action on.

Command               Objects
add                   exec, forward-server, index, licenser-pools, licenses, monitor, oneshot, saved-search, search-server, tcp, udp, user
apply                 cluster-bundle
anonymize             source
clean                 all, eventdata, globaldata, userdata, inputdata
diag                  NONE
disable               app, boot-start, deploy-client, deploy-server, dist-search, index, listen, local-index, perfmon, webserver, web-ssl, wmi
display               app, boot-start, deploy-client, deploy-server, dist-search, index, jobs, listen, local-index
edit                  app, cluster-config, exec, index, licenser-localslave, licenser-groups, monitor, saved-search, search-server, tcp, udp, user
enable                app, boot-start, deploy-client, deploy-server, dist-search, index, listen, local-index, perfmon, webserver, web-ssl, wmi
export                eventdata, userdata
import                userdata
install               app
find                  logs
help                  NONE
list                  cluster-config, cluster-generation, cluster-peers, cluster-buckets, deploy-clients, exec, forward-server, index, licenser-groups, licenser-localslave, licenser-messages, licenser-pools, licenser-slaves, licenser-stacks, licenses, jobs, master-info, monitor, peer-info, peer-buckets, perfmon, saved-search, search-server, tcp, udp, user, wmi
login, logout         NONE
package               app
refresh               deploy-clients
reload                ad, auth, deploy-server, index, monitor, registry, script, tcp, udp, perfmon, wmi
remove                app, exec, forward-server, index, jobs, licenser-pools, licenses, monitor, saved-search, search-server, tcp, udp, user
rolling-restart       cluster-peers
rtsearch              app, batch, detach, earliest_time, header, index_earliest, index_latest, max_time, maxout, output, preview, rt_id, timeout, wrap
search                app, batch, detach, earliest_time, header, id, index_earliest, index_latest, latest_time, max_time, maxout, output, preview, timeout, wrap
set                   datastore-dir, deploy-poll, default-hostname, default-index, minfreemb, servername, server-type, splunkd-port, web-port
show                  config, cluster-bundle-status, datastore-dir, deploy-poll, default-hostname, default-index, jobs, minfreemb, servername, splunkd-port, web-port
spool                 NONE
start, stop, restart  splunkd, splunkweb
status                splunkd, splunkweb
validate              index
version               NONE
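
The following is an added example, not part of Splunk's documentation: it applies the general syntax above to constructed command lines, splitting each into command, object, named parameters and default-parameter values, and flags commands that change server state, as you might when reviewing shell history from a Splunk host. The object table is a subset of the one above; the STATE_CHANGING set, the function name and the sample lines are assumptions of this example.

```python
import shlex

# Command -> objects, copied from the table above (subset, to keep the example short).
COMMAND_OBJECTS = {
    "add": {"exec", "forward-server", "index", "monitor", "oneshot", "tcp", "udp", "user"},
    "clean": {"all", "eventdata", "globaldata", "userdata", "inputdata"},
    "disable": {"app", "boot-start", "listen", "webserver", "web-ssl"},
    "list": {"forward-server", "index", "monitor", "tcp", "udp", "user"},
    "remove": {"app", "forward-server", "index", "monitor", "user"},
    "show": {"config", "servername", "splunkd-port", "web-port"},
    "version": set(),  # the table lists NONE: no object
}
# Assumption of this example (not stated on the page): these commands change server state.
STATE_CHANGING = {"add", "clean", "disable", "remove"}

def parse_cli(line):
    """Split './splunk <command> [<object>] [[-<parameter>] <value>]...' into its parts."""
    argv = shlex.split(line)
    if len(argv) < 2 or not argv[0].endswith("splunk"):
        raise ValueError("not a splunk CLI invocation")
    command, rest = argv[1], argv[2:]
    if command not in COMMAND_OBJECTS:
        raise ValueError(f"unknown command: {command}")
    obj = None
    if rest and rest[0] in COMMAND_OBJECTS[command]:
        obj, rest = rest[0], rest[1:]
    params, defaults, i = {}, [], 0
    while i < len(rest):
        if rest[i].startswith("-"):
            # Per the syntax line, every -<parameter> is followed by a <value>.
            if i + 1 >= len(rest):
                raise ValueError(f"parameter {rest[i]} has no value")
            params[rest[i][1:]] = rest[i + 1]
            i += 2
        else:
            defaults.append(rest[i])  # bare value: the command's default parameter
            i += 1
    return {"command": command, "object": obj, "params": params,
            "default_values": defaults, "state_changing": command in STATE_CHANGING}

# Constructed sample command lines (not real history from any system).
SAMPLES = [
    "./splunk list user",
    "./splunk add monitor /var/log/messages -index main",
    "./splunk clean eventdata -index main",
    "./splunk version",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_cli(sample))
```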

Troubleshooting with the CLI

Splunk's CLI also includes tools that help with troubleshooting Splunk issues. These tools are invoked using the Splunk CLI command cmd:

./splunk cmd <tool>

For the list of CLI utilities, see "Command line tools for use with Support" in the Troubleshooting Manual.

This documentation applies to the following versions of Splunk: 5.0, 5.0.1, 5.0.2, 5.0.3.

