Splunk® Enterprise

Admin Manual

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

About the CLI

You can use the Splunk Enterprise command line interface (CLI) to monitor, configure, and run searches and other tasks. The CLI help exists in the product and is accessible through a terminal window or command or shell prompt. Read this topic to learn how to access the CLI.

Access the CLI

The Splunk Enterprise CLI is located in the $SPLUNK_HOME/bin directory of the Splunk Enterprise installation. On Windows machines, the CLI appears in the %SPLUNK_HOME%\bin directory.

You can find the Splunk Enterprise installation path on your instance through Splunk Web by clicking Settings > Server settings > General settings.

To access the Splunk Enterprise CLI, you must have:

  • A shell prompt, command prompt, or PowerShell session
  • Access to a Splunk platform instance or forwarder, or
  • Permission to access the correct port on a remote Splunk Enterprise instance.

CLI help documentation

If you have administrator privileges, you can use the CLI not only to search but also to configure and monitor your Splunk Enterprise instance or instances. The CLI commands that configure and monitor Splunk are not search commands. Search commands are arguments to the search and dispatch CLI commands. Some commands require that you authenticate with a username and password or specify a target Splunk server.

You can look up help information for the CLI using:

UNIX             Windows
./splunk help    .\splunk help

For more information about how to access help for specific CLI commands or tasks, see "Get help with the CLI" and "Administrative CLI commands" in this manual.

Work with the CLI on *nix

If you have administrator or root privileges, you can simplify CLI access by adding the top level directory of your Splunk Enterprise installation, $SPLUNK_HOME/bin, to your shell path. If you installed Splunk Enterprise in a different directory, specify that directory in the following commands.

This example works for Linux/BSD/Solaris users who installed Splunk Enterprise in the default location:

# export SPLUNK_HOME=/opt/splunk
# export PATH=$SPLUNK_HOME/bin:$PATH

This example works for Mac users who installed Splunk Enterprise in the default location:

# export SPLUNK_HOME=/Applications/Splunk
# export PATH=$SPLUNK_HOME/bin:$PATH

Now you can invoke CLI commands using:

splunk <command>
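
The PATH change above puts $SPLUNK_HOME/bin ahead of the system directories, so anything in that directory can shadow a system command for the account that runs the export. The following is an added example, not Splunk code: it prepends the directory only when neither the bin directory nor the splunk executable is group- or world-writable. The function names add_splunk_to_path and is_loosely_writable are hypothetical.

```shell
#!/bin/sh
# Added example (not Splunk code): function names are hypothetical.

# Succeeds when the mode string from ls shows group or other write permission.
is_loosely_writable() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) return 0 ;;   # char 6 = group w, char 9 = other w
        *) return 1 ;;
    esac
}

# Usage: add_splunk_to_path /opt/splunk
# Returns 0 on success, 1 on unsafe permissions, 2 on a bad argument.
add_splunk_to_path() {
    case "$1" in
        /*) ;;
        *) echo "refusing: not an absolute path: $1" >&2; return 2 ;;
    esac
    bindir="$1/bin"
    [ -d "$bindir" ] || { echo "refusing: no directory $bindir" >&2; return 2; }
    for p in "$bindir" "$bindir/splunk"; do
        if [ -e "$p" ] && is_loosely_writable "$p"; then
            echo "refusing: $p is group- or world-writable" >&2
            return 1
        fi
    done
    case ":$PATH:" in
        *":$bindir:"*) ;;                        # already on PATH, do not duplicate
        *) PATH="$bindir:$PATH"; export PATH ;;
    esac
    SPLUNK_HOME="$1"; export SPLUNK_HOME
}
```

Define the functions in the current shell (for example from a profile script) so that the exported PATH and SPLUNK_HOME persist for the session.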


To set the $SPLUNK_HOME environment variable while working in a CLI session:

  • In *nix: source /opt/splunk/bin/setSplunkEnv
  • In Windows: splunk.exe envvars > setSplunkEnv.bat & setSplunkEnv.bat

Splunk CLI skips password prompting for *nix users with access to the /home directory

On a *nix machine, if a *nix user that runs the Splunk CLI has access to the /home directory on that machine, the CLI does not prompt for the Splunk user password.

Mac OS X requires elevated privileges to access system files or directories

Mac OS X requires superuser level access to run any command that accesses system files or directories. Run CLI commands using sudo or "su -" for a new shell as root. The recommended method is to use sudo. (By default the user "root" is not enabled but any administrator user can use sudo.)

Work with the CLI on Windows

To run CLI commands in Splunk Enterprise on Windows, use PowerShell or the command prompt as an administrator.

  1. Open a PowerShell window or command prompt as an administrator.
  2. Change to the Splunk Enterprise bin directory.
  3. Run a Splunk command by typing in splunk followed by the subcommand and any required arguments.

    C:\Program Files\Splunk\bin> splunk status
    splunkd is running.
    splunk helpers are running.

You can run many commands and perform many tasks from the Splunk Enterprise CLI. For help on using the CLI, see Get help with the CLI.

Set Splunk environment variables on Windows

You do not need to set Splunk environment variables to use the CLI on Windows. If you want to use variables to run CLI commands, you must set variables manually.

Set temporary variables on the command prompt

  1. Open a PowerShell window, or a command prompt.
  2. Use a PowerShell variable or environment variable to set a quick reference path to Splunk Enterprise.

    PowerShell        $splunk_home="C:\Program Files\Splunk"
    Command prompt    set SPLUNK_HOME="C:\Program Files\Splunk"
  3. Call the variable when running Splunk Enterprise CLI commands.

    PowerShell        & $splunk_home\bin\splunk status
    Command prompt    %SPLUNK_HOME%\bin\splunk status

Set permanent environment variables

To set a permanent variable, see Add or change environment variables on MS TechNet.

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has about using the CLI.

Last modified on 15 February, 2023

This documentation applies to the following versions of Splunk® Enterprise: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2

