Administrative CLI commands
Administrative CLI commands
This topic discusses the administrative CLI commands, which are the commands used to manage or configure your Splunk server and distributed deployment.
For information about accessing the CLI and what is covered in the CLI help, see the previous topic, "Get help with the CLI". If you're looking for details about how to run searches from the CLI, refer to "About CLI searches" in the Search Reference Manual.
Your Splunk role configuration dictates what actions (commands) you can execute. Most actions require you to be a Splunk admin. Read more about setting up and managing Splunk users and roles in the "About users and roles" topic in the Admin Manual.
Splunk CLI command syntax
The general syntax for a CLI command is this:
./splunk <command> [<object>] [[-<parameter>] <value>]...
Note the following:
- Some commands don't require an object or parameters.
- Some commands have a default parameter that can be specified by its value alone.
Commands and objects
A command is an action that you can perform. An object is something you perform an action on.
| Command | Objects |
|---|---|
| add | exec, forward-server, index, licenser-pools, licenses, monitor, oneshot, saved-search, search-server, tcp, udp, user |
| apply | cluster-bundle |
| anonymize | source |
| clean | all, eventdata, globaldata, userdata, inputdata |
| diag | NONE |
| disable | app, boot-start, deploy-client, deploy-server, dist-search, index, listen, local-index, perfmon, webserver, web-ssl, wmi |
| display | app, boot-start, deploy-client, deploy-server, dist-search, index, jobs, listen, local-index |
| edit | app, cluster-config, exec, index, licenser-localslave, licenser-groups, monitor, saved-search, search-server, tcp, udp, user |
| enable | app, boot-start, deploy-client, deploy-server, dist-search, index, listen, local-index, perfmon, webserver, web-ssl, wmi |
| export | eventdata, userdata |
| import | userdata |
| install | app |
| find | logs |
| help | NONE |
| list | cluster-config, cluster-generation, cluster-peers, cluster-buckets, deploy-clients, exec, forward-server, index, licenser-groups, licenser-localslave, licenser-messages, licenser-pools, licenser-slaves, licenser-stacks, licenses, jobs, master-info, monitor, peer-info, peer-buckets, perfmon, saved-search, search-server, tcp, udp, user, wmi |
| login,logout | NONE |
| package | app |
| refresh | deploy-clients |
| reload | ad, auth, deploy-server, index, monitor, registry, script, tcp, udp, perfmon, wmi |
| remove | app, exec, forward-server, index, jobs, licenser-pools, licenses, monitor, saved-search, search-server, tcp, udp, user |
| rolling-restart | cluster-peers |
| rtsearch | app, batch, detach, earliest_time, header, index_earliest, index_latest, max_time, maxout, output, preview, rt_id, timeout, wrap |
| search | app, batch, detach, earliest_time, header, id, index_earliest, index_latest, latest_time, max_time, maxout, output, preview, timeout, wrap |
| set | datastore-dir, deploy-poll, default-hostname, default-index, minfreemb, servername, server-type, splunkd-port, web-port |
| show | config, cluster-bundle-status, datastore-dir, deploy-poll, default-hostname, default-index, jobs, minfreemb, servername, splunkd-port, web-port |
| spool | NONE |
| start,stop,restart | splunkd, splunkweb |
| status | splunkd, splunkweb |
| validate | index |
| version | NONE |
Troubleshooting with the CLI
Splunk's CLI also includes tools that help with troubleshooting Splunk issues. These tools are invoked using the Splunk CLI command cmd:
./splunk cmd <tool>
For the list of CLI utilities, see "Command line tools for use with Support" in the Troubleshooting Manual.
This documentation applies to the following versions of Splunk: 5.0 , 5.0.1 , 5.0.2 , 5.0.3 View the Article History for its revisions.