Supported CLI commands
The universal forwarder supports a subset of objects for use in CLI commands. Certain objects valid in full Splunk Enterprise, like
index (as in
add index), are not applicable in the context of the universal forwarder.
Commands act upon objects. If you type an invalid command/object combination, the universal forwarder returns an error message.
Valid CLI objects
The universal forwarder supports all CLI commands for these objects:
add app config datastore-dir default-hostname deploy-client deploy-poll eventlog exec forward-server monitor oneshot perfmon registry servername splunkd-port tcp udp user wmi
Note: A few commands, such as
stop can be run without an object. A command with no object is also valid for the universal forwarder.
Introduction to CLI syntax
The general syntax for a CLI command is:
./splunk <command> [<object>] [[-<parameter>] <value>]...
As described above, the object determines whether a command is valid in the universal forwarder. For example, the above list includes the
monitor object. Therefore, the
add monitor and
edit monitor command/object combinations are both valid. For more information on the
monitor object, see "Use the CLI to monitor files and directories" in Getting Data In.
For more details on using the CLI in general, see Administer Splunk Enterprise with the CLI in the Splunk Enterprise Admin Manual. In particular, the topic "CLI admin commands" provides details on CLI syntax, including a list of all commands supported by full Splunk Enterprise and the objects they can act upon.
Configure forwarding with outputs.conf
Upgrade the Windows universal forwarder
This documentation applies to the following versions of Splunk® Universal Forwarder: 184.108.40.206, 8.2.4, 8.2.5