
crawl
Beginning with version 7.0.0, support for the the crawl
command is removed. See the 7.0.0 Release Notes.
Description
Crawls the file system to discover new sources to index, using built-in settings.
Syntax
| crawl [ files | network ] [<crawl-option>...]
Optional arguments
- crawl-option
- Syntax: <string>=<string>
- Description: Overrides the settings in the crawl.conf file.
Usage
The default crawl
settings are found in the crawl.conf
file. If you have Splunk Enterprise, you can view a log of crawl operations in the $SPLUNK_HOME/var/log/splunk/crawl.log
file. This command is generally used in conjunction with the input
command.
The crawl
command is a generating command and should be the first command in the search. Generating commands use a leading pipe character.
When you add the crawl
command to a search, the search returns only data that is generated from the crawl
command. The search does not return any data generated before the crawl
command.
Examples
Example 1:
crawl
root and home directories and add all possible inputs found. Adds configuration information to "inputs.conf".
| crawl root="/;/Users/" | input add
Example 2:
Crawl bob's home directory.
| crawl root=/home/bob
Example 3:
Add all sources found in bob's home directory to the 'preview' index.
| crawl root=/home/bob | input add index=preview
Example 4:
Use the default settings defined in the crawl.conf file.
| crawl
See also
Answers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the crawl command.
PREVIOUS correlate |
NEXT ctable |
This documentation applies to the following versions of Splunk® Enterprise: 6.5.7
Feedback submitted, thanks!