Get help with the CLI
Get help with the CLI
This topic discusses how to access Splunk's built-in CLI help reference, which contains information about the CLI commands and how to use them. This topic also briefly discusses the universal parameters, which are parameters that you can use with any CLI command.
Access CLI help reference
If you need to find a CLI command or syntax for a CLI command, use Splunk's built-in CLI help reference. You can access the default help information with the help command:
./splunk help
Splunk returns:
Welcome to Splunk's Command Line Interface (CLI).
Try typing these commands for more help:
help [command] type a command name to access its help page
help [object] type an object name to access its help page
help [topic] type a topic keyword to get help on a topic
help commands display a full list of CLI commands
help control, controls tools to start, stop, manage Splunk processes
help datastore manage Splunk's local filesystem use
help distributed manage distributed configurations such as
data cloning, routing, and distributed search
help forwarding manage deployments
help input, inputs manage data inputs
help licensing manage licenses for your Splunk server
help settings manage settings for your Splunk server
help simple, cheatsheet display a list of common commands with syntax
help tools tools to help your Splunk server
help training train Splunk to recognize dates or fields
help search help with Splunk searches
Universal Parameters:
The following parameters are usable by any command. For more details on each
parameter, type "help [parameter]".
Syntax:
[command] [object] [-parameter <value> | <value>]... [-uri][-auth]
app specify the App or namespace to run the command; for search,
defaults to the Search App
auth specify login credentials to execute commands that require
you to be logged in
owner specify the owner/user context associated with an object;
if not specified, defaults to the currently logged in user
uri execute a command on any specified Splunk server, user the
format: <ip>:<port>
For the list of all CLI commands, type:
./splunk help commands
Or, access the help page about Splunk search commands with:
./splunk help search-commands
For more information, see "CLI admin commands" in this manual. For details on syntax for searching your data with the CLI, refer to "About CLI Searches" in the Search Reference Manual.
Note: Notice the dash (-) between the words: "search" and "commands". This is because the Splunk CLI interprets spaces as breaks. Use dashes between multiple words for topic names that are more than one word.
Universal parameters
Some commands require that you authenticate with a username and password, or specify a target host or app. For these commands you can include one of the universal parameters: auth, app, or uri.
auth
If a CLI command require authentication, Splunk will prompt you to supply the username and password. You can also use the -auth flag to pass this information inline with the command. The auth parameter is also useful if you need to run a command that requires different permissions to execute than the currently logged-in user has.
Note: auth must be the last parameter specified in a CLI command argument.
Syntax:
./splunk command object [-parameter value]... -auth username:password
uri
If you want to run a command on a remote Splunk server, use the -uri flag to specify the target host.
Syntax:
./splunk command object [-parameter value]... -uri specified-server
Specify the target Splunk server with the following format:
[http|https]://name_of_server:management_port
Example: The following example returns search results from the remote "splunkserver" on port 8089.
./splunk search "host=fflanda error 404 *.gif" -auth admin -uri https://splunkserver:8089
Note: For more information about the CLI commands you can run on a remote server, see the next topic in this chapter.
This documentation applies to the following versions of Splunk: 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 View the Article History for its revisions.