
About the CLI
You can use the Splunk platform command line interface (CLI) to monitor, configure, and execute searches. The CLI help exists in the product and is accessible through a terminal or shell interface. This topic discusses how to access this information.
Access the CLI
The Splunk platform CLI commands are located in $SPLUNK_HOME/bin (or %SPLUNK_HOME%\bin on Windows hosts).
You can find the Splunk installation path on your instance through Splunk Web by clicking Settings > Server settings > General settings.
To access the Splunk platform CLI, you need:
- A shell prompt, command prompt, or PowerShell session
- Access to a Splunk platform instance or forwarder, or
- Permission to access the correct port on a remote Splunk platform instance.
CLI help documentation
If you have administrator privileges, you can use the CLI not only to search but also to configure and monitor your Splunk instance or instances. The CLI commands used for configuring and monitoring Splunk are not search commands. Search commands are arguments to the search and dispatch CLI commands. Some commands require you to authenticate with a username and password or specify a target Splunk server.
You can look up help information for the CLI using:
UNIX | Windows
---|---
./splunk help | ./splunk help
For more information about how to access help for specific CLI commands or tasks, see "Get help with the CLI" and "Administrative CLI commands" in this manual.
Work with the CLI on *nix
If you have administrator or root privileges, you can simplify CLI access by adding the top level directory of your Splunk platform installation, $SPLUNK_HOME/bin, to your shell path.
This example works for Linux/BSD/Solaris users who installed Splunk Enterprise in the default location:
# export SPLUNK_HOME=/opt/splunk
# export PATH=$SPLUNK_HOME/bin:$PATH
This example works for Mac users who installed Splunk Enterprise in the default location:
# export SPLUNK_HOME=/Applications/Splunk
# export PATH=$SPLUNK_HOME/bin:$PATH
Now you can invoke CLI commands using:
./splunk <command>
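The export lines above place $SPLUNK_HOME/bin ahead of the system directories in root's PATH, so any account able to write there could shadow commands that root runs. The following is an added example, not part of the Splunk documentation: the function names check_path_dir and splunk_path are hypothetical, and it checks ownership and write bits before deciding whether to prepend or append the directory.

```sh
#!/bin/sh
# Added example, not Splunk code. Function names are hypothetical.

# check_path_dir DIR
# 0: nothing under DIR is group/world-writable or owned by an account other
#    than root or the invoking user.
# 1: offending entries found (listed on stderr).  2: DIR is not a directory.
check_path_dir() {
    cpd_dir=$1
    if [ ! -d "$cpd_dir" ]; then
        echo "not a directory: $cpd_dir" >&2
        return 2
    fi
    cpd_uid=$(id -u)
    # Symlink mode bits carry no meaning, so links are skipped.
    cpd_bad=$(find "$cpd_dir" ! -type l \
        \( -perm -0020 -o -perm -0002 -o \( ! -user 0 ! -user "$cpd_uid" \) \) \
        -print 2>/dev/null) || true
    if [ -n "$cpd_bad" ]; then
        printf 'replaceable by another account:\n%s\n' "$cpd_bad" >&2
        return 1
    fi
    return 0
}

# splunk_path HOME_DIR CURRENT_PATH
# Prints the PATH to use: HOME_DIR/bin first when it passes the check, last
# when it does not (so it cannot shadow system commands), and CURRENT_PATH
# unchanged when the directory is missing or already listed.
splunk_path() {
    sp_bin=$1/bin
    sp_cur=$2
    case ":$sp_cur:" in
        *":$sp_bin:"*) printf '%s\n' "$sp_cur"; return 0 ;;
    esac
    sp_rc=0
    check_path_dir "$sp_bin" || sp_rc=$?
    case $sp_rc in
        0) printf '%s\n' "$sp_bin:$sp_cur" ;;
        1) printf '%s\n' "$sp_cur:$sp_bin" ;;
        *) printf '%s\n' "$sp_cur" ;;
    esac
}

# Usage with the default Linux location given on this page.
SPLUNK_HOME=${SPLUNK_HOME:-/opt/splunk}
PATH=$(splunk_path "$SPLUNK_HOME" "$PATH")
export SPLUNK_HOME PATH
```

Entries reported on stderr are the ones to fix with chown or chmod before the directory is moved to the front of PATH.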
To set the $SPLUNK_HOME environment variable while working in a CLI session:
- In *nix:
source /opt/splunk/bin/setSplunkEnv
- In Windows:
splunk.exe envvars > setSplunkEnv.bat & setSplunkEnv.bat
Mac OS X requires elevated privileges to access system files or directories
Mac OS X requires superuser level access to run any command that accesses system files or directories. Run CLI commands using sudo or "su -" for a new shell as root. The recommended method is to use sudo. (By default the user "root" is not enabled but any administrator user can use sudo.)
Work with the CLI on Windows
To run CLI commands in Splunk Enterprise on Windows, use PowerShell or the command prompt as an administrator.
- Open a PowerShell window or command prompt as an administrator.
- Change to the Splunk Enterprise bin directory.
- Run a Splunk command by typing in splunk followed by the subcommand and any required arguments.
C:\Program Files\Splunk\bin> splunk status
splunkd is running.
splunk helpers are running.
You can run many commands and perform many tasks from the CLI. For help on using the CLI, see Get help with the CLI.
Set Splunk environment variables on Windows
You do not need to set Splunk environment variables to use the CLI on Windows. If you want to use environment variables to run CLI commands, you must set the variables manually, because Windows does not set the variables by default.
Set Splunk environment variables temporarily
- Open a PowerShell window or command prompt.
- Enter the following command from within either the PowerShell window or command prompt to set environment variables temporarily, or use the Environment Variables dialog box in Computer Properties to set the variables permanently.
PowerShell | Command prompt
---|---
$splunk_home="C:\Program Files\Splunk" | set SPLUNK_HOME="C:\Program Files\Splunk"
- Use the variable to run Splunk commands.
PowerShell | Command prompt
---|---
& "$splunk_home\bin\splunk" status | %SPLUNK_HOME%\bin\splunk add forward-server 192.168.1.100:9997 -auth admin:changeme
Set Splunk environment variables permanently
After you complete this procedure, Windows uses the values you set for the variables until you either change or delete the variable entries.
To set environment variables permanently, see Add or change environment variables on MS TechNet.
This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8
Comments
http://docs.splunk.com/Documentation/Splunk/5.0.2/Admin/AbouttheCLI#How_to_access_the_CLI
^ that talks about setting up the "$PATH" then goes on to say "./splunk"
It should probably instead say to "hash -r" then invoke as "splunk"
Logan, I recommend you try the User Manual to get some ideas:
http://www.splunk.com/base/Documentation/latest/User/
Tell Splunk to index some data, and then run a search for * in the Search app to see the events
How do you use splunk? So far all the technical docs just tell you what you can do. I would like to know how to check that what I have configured actually works. a step by step guide with basic examples would be nice.
link to MSFT Technet is retired. need to update
https://technet.microsoft.com/en-us/library/cc736637(v=ws.10).aspx