Splunk® Universal Forwarder

Forwarder Manual

This documentation does not apply to the most recent version of Splunk® Universal Forwarder. For documentation on the most recent version, go to the latest release.

Supported CLI commands

The universal forwarder supports a subset of objects for use in CLI commands. Certain objects valid in full Splunk Enterprise, like index (as in add index), are not applicable in the context of the universal forwarder.

Commands act upon objects. If you type an invalid command/object combination, the universal forwarder returns an error message.

Valid CLI objects

The universal forwarder supports all CLI commands for these objects:

    add
    app
    config
    datastore-dir
    default-hostname
    deploy-client
    deploy-poll
    eventlog
    exec
    forward-server
    monitor
    oneshot
    perfmon
    registry
    servername
    splunkd-port
    tcp
    udp
    user
    wmi

Note: A few commands, such as start and stop, can be run without an object. A command with no object is also valid for the universal forwarder.

Introduction to CLI syntax

The general syntax for a CLI command is:

./splunk <command> [<object>] [[-<parameter>] <value>]...

As described above, the object determines whether a command is valid in the universal forwarder. For example, the above list includes the monitor object. Therefore, the add monitor and edit monitor command/object combinations are both valid. For more information on the monitor object, see "Use the CLI to monitor files and directories" in Getting Data In.

For more details on using the CLI in general, see Administer Splunk Enterprise with the CLI in the Splunk Enterprise Admin Manual. In particular, the topic "CLI admin commands" provides details on CLI syntax, including a list of all commands supported by full Splunk Enterprise and the objects they can act upon.

Last modified on 01 December, 2021

This documentation applies to the following versions of Splunk® Universal Forwarder: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3

