Beginning with version 7.0.0, support for the crawl command is removed. See the 7.0.0 Release Notes.
Crawls the file system to discover new sources to index, using built-in settings.
| crawl [ files | network ] [<crawl-option>...]
- Syntax: <string>=<string>
- Description: Overrides the settings in the crawl.conf file.
Crawl settings are found in the crawl.conf file. If you have Splunk Enterprise, you can view a log of crawl operations in the $SPLUNK_HOME/var/log/splunk/crawl.log file. This command is generally used in conjunction with the
The crawl command is a generating command and should be the first command in the search. Generating commands use a leading pipe character.
When you add the crawl command to a search, the search returns only data that is generated from the crawl command. The search does not return any data generated before the
Crawl root and home directories and add all possible inputs found. Adds configuration information to "inputs.conf".
| crawl root="/;/Users/" | input add
Crawl bob's home directory.
| crawl root=/home/bob
Add all sources found in bob's home directory to the 'preview' index.
| crawl root=/home/bob | input add index=preview
Use the default settings defined in the crawl.conf file.
This documentation applies to the following versions of Splunk® Enterprise: 6.5.7