Splunk® Enterprise

Admin Manual

Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Download topic as PDF

Administrative CLI commands

This topic discusses the administrative CLI commands, which are the commands used to manage or configure your Splunk server and distributed deployment.

For information about accessing the CLI and what is covered in the CLI help, see the previous topic, "Get help with the CLI". If you're looking for details about how to run searches from the CLI, refer to "About CLI searches" in the Search Reference Manual.

Your Splunk role configuration dictates what actions (commands) you can execute. Most actions require you to be a Splunk admin. Read more about setting up and managing Splunk users and roles in the "About users and roles" topic in the Admin Manual.

Splunk CLI command syntax

The general syntax for a CLI command is this:

./splunk <command> [<object>] [[-<parameter>] <value>]...

Note the following:

  • Some commands don't require an object or parameters.
  • Some commands have a default parameter that can be specified by its value alone.

Commands and objects

A command is an action that you can perform. An object is something you perform an action on.

Command Objects
add exec, forward-server, index, licenser-pools, licenses, monitor, oneshot, saved-search, search-server, tcp, udp, user
apply cluster-bundle
anonymize source
clean all, eventdata, globaldata, userdata, inputdata
diag NONE
disable app, boot-start, deploy-client, deploy-server, dist-search, index, listen, local-index, perfmon, webserver, web-ssl, wmi
display app, boot-start, deploy-client, deploy-server, dist-search, jobs, listen, local-index
edit app, cluster-config, exec, index, licenser-localslave, licenser-groups, monitor, saved-search, search-server, tcp, udp, user
enable app, boot-start, deploy-client, deploy-server, dist-search, index, listen, local-index, perfmon, webserver, web-ssl, wmi
export eventdata, userdata
import userdata
install app
find logs
help NONE
list cluster-config, cluster-generation, cluster-peers, cluster-buckets, deploy-clients, exec, forward-server, index, licenser-groups, licenser-localslave, licenser-messages, licenser-pools, licenser-slaves, licenser-stacks, licenses, jobs, master-info, monitor, peer-info, peer-buckets, perfmon, saved-search, search-server, tcp, udp, user, wmi
login,logout NONE
package app
reload ad, auth, deploy-server, index, monitor, registry, script, tcp, udp, perfmon, wmi
remove app, exec, forward-server, index, jobs, licenser-pools, licenses, monitor, saved-search, search-server, tcp, udp, user
rolling-restart cluster-peers
rtsearch app, batch, detach, earliest_time, header, index_earliest, index_latest, max_time, maxout, output, preview, rt_id, timeout, wrap
search app, batch, detach, earliest_time, header, id, index_earliest, index_latest, latest_time, max_time, maxout, output, preview, timeout, wrap
set datastore-dir, deploy-poll, default-hostname, default-index, minfreemb, servername, server-type, splunkd-port, web-port
show config, cluster-bundle-status, datastore-dir, deploy-poll, default-hostname, default-index, jobs, minfreemb, servername, splunkd-port, web-port
spool NONE
start,stop,restart splunkd, splunkweb
status splunkd, splunkweb
validate index
version NONE

Troubleshooting with the CLI

Splunk's CLI also includes tools that help with troubleshooting Splunk issues. These tools are invoked using the Splunk CLI command cmd:

./splunk cmd <tool>

For the list of CLI utilities, see "Command line tools for use with Support" in the Troubleshooting Manual.

Get help with the CLI
Use the CLI to administer a remote Splunk Enterprise instance

This documentation applies to the following versions of Splunk® Enterprise: 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14


In version 6.1.1, set server-type is no longer present. The command responds with "This command has been removed."

June 17, 2014

Done. Thanks for catching that.

April 3, 2014

Delete "refresh" coomand in this manual !!

April 1, 2014

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters