Universal parameters
Some commands require that you authenticate with a username and password, or specify a target host or app. For these commands you can include one of the universal parameters: auth, app, or uri.
./splunk [command] [object] [-parameter <value> | <value>]... [-app] [-owner] [-uri] [-auth]
| Parameter | Description |
|---|---|
| app | Specify the App or namespace to run the command; for search, defaults to the Search App. |
| auth | Specify login credentials to execute commands that require you to be logged in. |
| owner | Specify the owner/user context associated with an object; if not specified, defaults to the currently logged in user. |
| uri | Execute a command on any specified (remote) Splunk server. |
app
In the CLI, app is an object for many commands, such as create app or enable app. But, it is also a parameter that you can add to a CLI command if you want to run that command on a specific app.
Syntax:
./splunk command object [-parameter value]... -app appname
For example, when you run a search in the CLI, it defaults to the Search app. If you want to run the search in another app:
./splunk search "eventtype=error | stats count by source" -detach f -preview t -app unix
auth
If a CLI command requires authentication, Splunk will prompt you to supply the username and password. You can also use the -auth flag to pass this information inline with the command. The auth parameter is also useful if you need to run a command that requires different permissions to execute than the currently logged-in user has.
Syntax:
./splunk command object [-parameter value]... -auth username:password
uri
If you want to run a command on a remote Splunk server, use the -uri flag to specify the target host.
Syntax:
./splunk command object [-parameter value]... -uri specified-server
Specify the target Splunk server with the following format:
[http|https]://name_of_server:management_port
You can specify an IP address for the name_of_server. Both IPv4 and IPv6 formats are supported; for example, the specified-server may read as: 127.0.0.1:80 or "[2001:db8::1]:80". By default, splunkd listens on IPv4 only. To enable IPv6 support, see Configure Splunk Enterprise for IPv6.
./splunk search "host=fflanda error 404 *.gif" -auth admin -uri https://splunkserver:8089
For more information about the CLI commands you can run on a remote server, see the next topic in this chapter.
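A pre-flight check for the -uri and -auth values described in the auth and uri sections above, as an added example that is not part of the Splunk documentation. It validates the [http|https]://name_of_server:management_port format, including the bracketed IPv6 form, and passes only a username to -auth so that the password does not end up in shell history or the process list. The function names valid_splunk_uri and splunk_remote_args are hypothetical helpers, and the script assumes a POSIX shell and that the CLI prompts for the missing password, as the `-auth admin` command above suggests.

```shell
#!/bin/sh
# Added example, not from the Splunk documentation.
# Variables are global because POSIX sh has no 'local'.

# valid_splunk_uri URI
# Succeeds only for [http|https]://name_of_server:management_port.
valid_splunk_uri() {
    uri=$1
    case $uri in
        http://*|https://*) rest=${uri#*://} ;;
        *) return 1 ;;
    esac
    case $rest in
        \[*\]:*)    # bracketed IPv6 literal, e.g. [2001:db8::1]:8089
            host=${rest%%\]*}; host=${host#\[}
            port=${rest##*\]:}
            case $host in ''|*[!0-9A-Fa-f:]*) return 1 ;; esac
            case $host in *:*) ;; *) return 1 ;; esac
            ;;
        *:*)        # hostname or IPv4; an unbracketed IPv6 address fails here
            host=${rest%:*}; port=${rest##*:}
            case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
            ;;
        *) return 1 ;;
    esac
    # Port: digits only, 1-65535 (a trailing path such as /x is rejected too).
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# splunk_remote_args USER URI
# Prints the universal parameters for a remote command, username only.
splunk_remote_args() {
    user=$1; uri=$2
    case $user in
        ''|*:*) echo "refusing empty user or inline user:password" >&2; return 2 ;;
    esac
    valid_splunk_uri "$uri" || { echo "bad -uri value: $uri" >&2; return 3; }
    printf '%s\n' "-uri $uri -auth $user"
}

# Constructed sample: print the arguments for an IPv6 management endpoint.
splunk_remote_args admin "https://[2001:db8::1]:8089"
```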