admingit
/
Deployement_Server_old
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2c6cc4836c'
${ noResults }
Deployement_Server_old/system/static/splunkrc_cmds.xml

6261 lines
260 KiB
Raw Blame History

<!--
This is the xml file containing all info about cli commands, sent to us by splunkd
The description of the tags are as follows:
item each group of related commands is within this tag. The cli object which this item represents is indicated by the 'obj' attribute.
If this item is typically a command eg. add, list, edit, remove, display then set the attribute 'verb' to true(Only used for help)
common metadata common to everything under 'item'
common:help the help that will be displayed for this object. the help is dynamically constructed from common:header + common:syntax + cmd:required + cmd:optional + common:examples:ex + footer(some hardcoded text)
if this is empty, then it means that there is 'no extended help' for this.
if not empty but no associated cms sections, then it is probably a string that appears as a command in most places eg. splunk help add. In that case display what we have and then iterate through
and append all the help sections present whereever the cmd is 'add'
common:uri the uri to post to
common:argsmap cli name to eai name mapping
cmd:help help specific to this command
cmd:default default args that are always sent in to the endpoint
cmd:app_context In some cases, an app context is required. But having the user to specify it via the -app argument always is a pain. The UI gets around this by doing a GET, getting the app
context and using this info for a second POST. Use the app_context tag to specify the uri to hit and provide a helper function to parse the response and return the namespace.
cmd:initial for some commands, we need some initial values set. eg. deployment server tenants have a initial value of 'default' until overridden by the user by -tenant args.
In order to accommodate such this, we will use the initial values for the args mentioned within this tag, and override this with whatever the user types in.
-->
<root>
<!-- ===== The following sections specifically deal with the help command as it is quite different ==== -->
<!-- verb help is only shown on a DF (SPL-35075) -->
<item obj="add" verb="true">
<common>
<help>
<header><![CDATA[Add data inputs, user accounts, or saved searches.
Type "./splunk help saved-search" to learn how to add alerts and saved searches.
Type "./splunk help [topic name | object name | parameter name]" to get help on any topic, object, or parameter.]]>
</header>
<syntax><![CDATA[add [object] [-parameter <value> | <value>]]]>
</syntax>
</help>
</common>
</item>
<item obj="edit" verb="true">
<common>
<help>
<header><![CDATA[Edit data inputs, user accounts, or saved searches.
Type "./splunk help saved-search" to learn how to add alerts and saved searches.
Type "./splunk help [topic name | object name | parameter name]" to get help on any topic, object, or parameter.]]>
</header>
<syntax><![CDATA[edit [object] [-parameter <value> | <value>]]]></syntax>
</help>
</common>
</item>
<item obj="list" verb="true">
<common>
<help>
<header><![CDATA[Show current values for settings of your Splunk installation.]]></header>
<syntax><![CDATA[show [object][<value>]]]></syntax>
</help>
</common>
</item>
<item obj="set" verb="true">
<common>
<help>
<header><![CDATA[Set current values for settings of your Splunk installation.]]></header>
<syntax><![CDATA[set [object][<value>]]]></syntax>
</help>
</common>
</item>
<item obj="show" verb="true">
<common>
<help>
<header><![CDATA[Show current values for settings of your Splunk installation.]]></header>
<syntax><![CDATA[show [object][<value>]]]></syntax>
</help>
</common>
</item>
<item obj="enable" verb="true">
<common>
<help>
<header><![CDATA[Enable applications, Splunk server features, and distributed search features.]]></header>
<syntax><![CDATA[enable [object] [-parameter <value> | <value>]]]></syntax>
</help>
</common>
</item>
<item obj="disable" verb="true">
<common>
<help>
<header><![CDATA[Disable applications, Splunk server features, and distributed search features.]]></header>
<syntax><![CDATA[disable [object] [-parameter <value> | <value>]]]></syntax>
</help>
</common>
</item>
<item obj="display" verb="true">
<common>
<help>
<header><![CDATA[Display the current status of your server's distributed search features.]]></header>
<syntax><![CDATA[display [object] [<value>]]]></syntax>
</help>
</common>
</item>
<item obj="remove" verb="true">
<common>
<help>
<header><![CDATA[Remove data inputs, user accounts, or saved searches.]]></header>
<syntax><![CDATA[remove [object] [-parameter <value>| <value>]]]></syntax>
</help>
</common>
</item>
<item obj="reload" verb="true">
<common>
<help>
<header><![CDATA[Reload your authentication system or deployment servers. The complete list of valid subcommands is:]]></header>
<syntax><![CDATA[reload [object] [-parameter <value>]]]></syntax>
</help>
</common>
</item>
<item obj="apply" verb="true">
<common>
<help>
<header><![CDATA[Apply most recent configurations to the cluster]]></header>
<syntax><![CDATA[apply [object] [--parameter]]]></syntax>
</help>
</common>
</item>
<item obj="rolling-restart" verb="true">
<common>
<help>
<header><![CDATA[Restart nodes in an indexer or searchhead cluster.]]></header>
<syntax><![CDATA[rolling-restart [cluster-peers|shcluster-members]]]></syntax>
</help>
</common>
</item>
<item obj="upgrade-init" verb="true">
<common>
<help>
<header><![CDATA[Notify an indexer or searchhead cluster that it is in rolling upgrade mode.]]></header>
<syntax><![CDATA[upgrade-init [cluster-peers|shcluster-members]]]></syntax>
</help>
</common>
</item>
<item obj="upgrade-finalize" verb="true">
<common>
<help>
<header><![CDATA[Notify an indexer or searchhead cluster that the rolling upgrade is done.]]></header>
<syntax><![CDATA[upgrade-finalize [cluster-peers|shcluster-members]]]></syntax>
</help>
</common>
</item>
<item obj="transfer" verb="true">
<common>
<help>
<header><![CDATA[Transfer captaincy in a searchhead cluster.]]></header>
<syntax><![CDATA[transfer shcluster-captain]]></syntax>
</help>
</common>
</item>
<item obj="bootstrap" verb="true">
<common>
<help>
<header><![CDATA[Bootstrap a searchhead cluster.]]></header>
<syntax><![CDATA[bootstrap shcluster-captain]]></syntax>
</help>
</common>
</item>
<item obj="resync" verb="true">
<common>
<help>
<header><![CDATA[Resyncs configurations on a search head cluster.]]></header>
<syntax><![CDATA[resync [kvstore|shcluster-replicated-config]]]></syntax>
</help>
</common>
</item>
<item obj="backup" verb="true">
<common>
<help>
<header><![CDATA[Backup kvstore data to a file.
The archive file will be placed in $SPLUNK_DB/kvstorebackup/]]></header>
<syntax><![CDATA[backup [kvstore]]]></syntax>
<examples>
<ex><![CDATA[./splunk backup kvstore -archiveName kvdump]]></ex>
</examples>
</help>
</common>
</item>
<item obj="restore" verb="true">
<common>
<help>
<header><![CDATA[Restore kvstore data from a file.
The archive file will be read from $SPLUNK_DB/kvstorebackup/
Data will not be restored to non-existent collections. They should be recreated first.]]></header>
<syntax><![CDATA[restore [kvstore]]]></syntax>
<examples>
<ex><![CDATA[./splunk restore kvstore -archiveName kvdump.tar.gz]]></ex>
</examples>
</help>
</common>
</item>
<item obj="install" verb="true">
<common>
<help>
<header><![CDATA[Install an app from a tar.gz package to the local Splunk server.
The package might be referenced either via a url or a local path.]]>
</header>
<syntax><![CDATA[install [object] [-parameter <value> | <value>]]]></syntax>
</help>
</common>
</item>
<item obj="rotate" verb="true">
<common>
<help>
<header><![CDATA[Generate a new splunk.secret (encryption key), and re-encrypt all configuration with the new key.]]></header>
<syntax><![CDATA[rotate [splunk-secret|shcluster-splunk-secret]]]></syntax>
<examples>
<ex><![CDATA[./splunk rotate splunk-secret]]></ex>
</examples>
</help>
</common>
</item>
<!-- ==== end of specific 'help' handling ==== -->
<!-- rotate splunk-secret -->
<item obj="splunk-secret">
<common>
<help>
<header><![CDATA[This is the secret key used to encrypt or decrypt sensitive configuration stored on disk.]]></header>
<syntax><![CDATA[[rotate] splunk-secret]]></syntax>
</help>
</common>
<cmd name="rotate">
<uri><![CDATA[/server/security/splunk-secret/rotate]]></uri>
<help>
<title><![CDATA[Generate a new splunk.secret (encryption key), and re-encrypt all configuration with the new key.]]></title>
<syntax><![CDATA[rotate splunk-secret]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk rotate splunk-secret]]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- enable|disable boot-start -->
<item obj="boot-start">
<common>
<help>
<header><![CDATA[This object controls whether or not Splunk starts when the operating system boots.]]></header>
<syntax><![CDATA[enable|disable boot-start]]></syntax>
</help>
</common>
<cmd name="enable">
<help>
<title><![CDATA[set Splunk to run when the operating system boots]]></title>
<optional>
<arg name="-user"><![CDATA[specifies which user to run as at boot time;
(default=root on *nix, SYSTEM on Windows.); on Windows the
user needs to be fully-qualified with the domain (e.g. "domain\username");
when specifying a user other than SYSTEM you will need to specify
the account password via the SPLUNK_PASS environment variable]]></arg>
</optional>
</help>
</cmd>
<cmd name="disable">
<help>
<title><![CDATA[set Splunk to not run when the operating system boots]]></title>
</help>
</cmd>
</item>
<!-- list config -->
<item obj="config">
<common>
<help />
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[show the details of a specified conf file. (NOTE: this command will only work if the file exists in the location specified by $SPLUNK_HOME/etc/system/default/conf.conf)]]></title>
</help>
<uri><![CDATA[/properties/]]></uri>
<type>list</type>
<eai_id><![CDATA[{name}]]></eai_id>
</cmd>
</item>
<!-- list|set web-port -->
<item obj="web-port">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[show the port that Splunk Web listens on]]></title>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[httpport]]></implied_arg_name>
<help>
<title><![CDATA[set the port that Splunk Web listens on]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="httpport" value="" />
</default>
</cmd>
</item>
<!-- list|set splunkd-port -->
<item obj="splunkd-port">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
<argsmap>
<arg cliname="mgmturl" eainame="mgmtHostPort" />
</argsmap>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[show the port that the Splunk daemon (splunkd) listens on]]></title>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[mgmturl]]></implied_arg_name>
<help>
<title><![CDATA[new port that splunkd should listen on]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="mgmturl" value="" />
</default>
</cmd>
</item>
<!-- list|set kvstore-port -->
<item obj="kvstore-port">
<common>
<help>
<header><![CDATA[This object controls Splunk KV Store port.]]></header>
<syntax><![CDATA[show|set kvstore-port]]></syntax>
</help>
<uri><![CDATA[/server/settings]]></uri>
<argsmap>
<arg cliname="kvstoreurl" eainame="kvStorePort" />
</argsmap>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[displays the port that the KV Store uses]]></title>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[kvstoreurl]]></implied_arg_name>
<help>
<title><![CDATA[sets the port that the KV Store uses]]></title>
<required>
<arg name="port"><![CDATA[port value to be set]]></arg>
</required>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="kvstoreurl" value="" />
</default>
</cmd>
</item>
<item obj="appserver-ports">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
<argsmap>
<arg cliname="ports" eainame="appServerPorts" />
</argsmap>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[show the ports that the Splunk application server listens on]]></title>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[ports]]></implied_arg_name>
<help>
<title><![CDATA[new port that Splunk application server should listen on]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="ports" value="" />
</default>
</cmd>
</item>
<!-- list|set dfsmaster-port -->
<item obj="dfsmaster-port">
<common>
<help>
<header><![CDATA[This object controls Splunk DFS port.]]></header>
<syntax><![CDATA[show|set dfsmaster-port]]></syntax>
</help>
<uri><![CDATA[/server/settings]]></uri>
<argsmap>
<arg cliname="dfsurl" eainame="dfsMasterPort" />
</argsmap>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[displays the port that the DFS uses]]></title>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[dfsurl]]></implied_arg_name>
<help>
<title><![CDATA[sets the port that the DFS uses]]></title>
<required>
<arg name="port"><![CDATA[port value to be set]]></arg>
</required>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="dfsurl" value="" />
</default>
</cmd>
</item>
<!-- list|set default-hostname -->
<item obj="default-hostname">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
<argsmap>
<arg cliname="default-hostname" eainame="host" />
</argsmap>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[show the default host name used for all data inputs]]></title>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[default-hostname]]></implied_arg_name>
<help>
<title><![CDATA[new host name to use]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
</cmd>
</item>
<!-- list|set minfreemb -->
<item obj="minfreemb">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
<argsmap>
<arg cliname="minspace" eainame="minFreeSpace" />
</argsmap>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[show the minimum free disk space threshold (if free space falls below this amount Splunk stops indexing data)]]></title>
<examples>
<ex><![CDATA[./splunk show minfreemb]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[minFreeSpace]]></implied_arg_name>
<help>
<title><![CDATA[set the minimum free disk space threshold]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="minspace" value="" />
</default>
</cmd>
</item>
<!-- list guid -->
<item obj="guid">
<common>
<help />
<uri><![CDATA[/server/info]]></uri>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[show the guid of the box]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- list fips-mode-->
<item obj="fips-mode">
<common>
<help />
<uri><![CDATA[/server/info]]></uri>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<help>
<title><![CDATA[show FIPS mode status]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- list|set servername -->
<item obj="servername">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[show the servername used in a distributed search]]></title>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[serverName]]></implied_arg_name>
<help>
<title><![CDATA[set the servername used in a distributed search]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
</cmd>
</item>
<!-- list|set datastore-dir -->
<item obj="datastore-dir">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
<argsmap>
<arg cliname="datastore-dir" eainame="SPLUNK_DB" />
</argsmap>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[show which directory is used for Splunk's datastore]]></title>
</help>
<type>list</type>
</cmd>
<cmd name="set">
<offline_ok />
<implied_arg_name><![CDATA[datastore-dir]]></implied_arg_name>
<help>
<title><![CDATA[path to new datastore directory]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="datastore-dir" value="" />
</default>
<examples>
<ex><![CDATA[./splunk set datastore-dir -value /media/san]]></ex>
</examples>
</cmd>
</item>
<!-- list|set log-level -->
<item obj="log-level">
<common>
<uri><![CDATA[/server/logger/{name}]]></uri>
<help>
<header><![CDATA[Change logging levels of Splunk components.]]></header>
</help>
</common>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[Show current logging levels]]></title>
<examples>
<ex><![CDATA[./splunk show log-level]]></ex>
</examples>
</help>
<type>list</type>
<default>
<arg name="count" value="-1" />
</default>
<initial>
<arg name="name" value="" />
</initial>
<implied_arg_name><![CDATA[name]]></implied_arg_name>
</cmd>
<cmd name="set">
<offline_ok />
<help>
<title><![CDATA[Change the logging level of a Splunk component]]></title>
<examples>
<ex><![CDATA[./splunk set log-level TailingProcessor -level DEBUG]]></ex>
</examples>
</help>
<type>edit</type>
<implied_arg_name><![CDATA[name]]></implied_arg_name>
</cmd>
</item>
<!-- enable|disable web-ssl -->
<item obj="web-ssl">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
</common>
<cmd name="enable">
<offline_ok />
<help>
<title><![CDATA[make Splunk Web's HTTP port use SSL encryption]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="enableSplunkWebSSL" value="true" />
</default>
</cmd>
<cmd name="disable">
<offline_ok />
<help>
<title><![CDATA[make Splunk Web's HTTP port not to use SSL encryption]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="enableSplunkWebSSL" value="false" />
</default>
</cmd>
</item>
<!-- enable|disable webserver -->
<item obj="webserver">
<common>
<help />
<uri><![CDATA[/server/settings]]></uri>
</common>
<cmd name="enable">
<offline_ok />
<help>
<title><![CDATA[set whether the Splunk server should be started]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="startwebserver" value="1" />
</default>
</cmd>
<cmd name="disable">
<offline_ok />
<help>
<title><![CDATA[set whether the Splunk server should be started]]></title>
</help>
<type>edit</type>
<eai_id>server-settings</eai_id>
<default>
<arg name="startwebserver" value="0" />
</default>
</cmd>
</item>
<!-- add|edit|list|remove|reload exec -->
<item obj="exec">
<common>
<help>
<header><![CDATA[An object used to identify scripted inputs.]]></header>
<syntax><![CDATA[[list|add|edit|remove] exec scripted_input_source]]></syntax>
</help>
<uri><![CDATA[/data/inputs/script/]]></uri>
<argsmap>
<arg cliname="source" eainame="name" />
</argsmap>
</common>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<help>
<title><![CDATA[adds scripted inputs]]></title>
<required>
<arg name="source"><![CDATA[command and arguments to be run]]></arg>
<arg name="interval"><![CDATA[number of seconds to wait before running the command]]></arg>
</required>
<optional>
<arg name="hostregex"><![CDATA[quoted string description for the app]]></arg>
<arg name="host"><![CDATA[hostname to set as the host value]]></arg>
<arg name="index"><![CDATA[index to place events in]]></arg>
<arg name="keep-open"><![CDATA[set the command to not terminate]]></arg>
<arg name="sourcetype"><![CDATA[source type value to set for events from the source]]></arg>
</optional>
</help>
<hook_functions>
<hook arg="source"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
</cmd>
<cmd name="edit">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<help>
<title><![CDATA[edits scripted inputs]]></title>
<required>
<arg name="source"><![CDATA[command and arguments to be run]]></arg>
</required>
<optional>
<arg name="hostregex"><![CDATA[quoted string description for the app]]></arg>
<arg name="host"><![CDATA[hostname to set as the host value]]></arg>
<arg name="index"><![CDATA[index to place events in]]></arg>
<arg name="interval"><![CDATA[number of seconds to wait before running the command]]></arg>
<arg name="keep-open"><![CDATA[set the command to not terminate]]></arg>
<arg name="sourcetype"><![CDATA[source type value to set for events from the source]]></arg>
</optional>
</help>
<hook_functions>
<hook arg="source"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
<eai_id>{source}</eai_id>
</cmd>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[list scripted inputs]]></title>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<hook_functions>
<hook arg="source"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
<help>
<title><![CDATA[remove scripted inputs]]></title>
<required>
<arg name="source"><![CDATA[command and arguments to remove]]></arg>
</required>
</help>
<eai_id>{source}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/script/_reload]]></uri>
<help>
<title><![CDATA[reloads script input configuration, making immediately effective all
"add/edit/remove exec" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- reload crl -->
<item obj="crl">
<common>
<help>
<header><![CDATA[An object used to identify Certificate Revocation Lists (CRLs).]]></header>
<syntax><![CDATA[[reload crl]]></syntax>
</help>
<uri><![CDATA[/server/security/crl/]]></uri>
<argsmap>
<arg cliname="name" eainame="name" />
</argsmap>
</common>
<cmd name="reload">
<uri><![CDATA[/server/security/crl/_reload]]></uri>
<help>
<title><![CDATA[reloads CRL information within Splunk by clearing internal state and
reloading CRL info from the directory $SPLUNK_HOME/etc/auth/crl]]></title>
</help>
<type>list</type>
<post_only/>
</cmd>
</item>
<!-- list|add|edit|enable|disable|reload|remove index -->
<item obj="index">
<common>
<help>
<header><![CDATA[An object used to identify indexes.]]></header>
<syntax><![CDATA[[list|add|edit|enable|disable|reload|remove] index -name index_name]]></syntax>
</help>
<uri><![CDATA[/data/indexes/]]></uri>
<argsmap>
<arg cliname="name" eainame="name" />
</argsmap>
</common>
<cmd name="list">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[list all indexes on this server]]></title>
<required>
</required>
<optional>
<arg name="indexName"><![CDATA[display details of specified indexname]]></arg>
</optional>
</help>
<eai_id>{name}</eai_id>
<default>
<arg name="count" value="-1" />
<arg name="name" value="" />
</default>
</cmd>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[adds index on this server]]></title>
<required>
<arg name="name"><![CDATA[name of index (if none set - then use all)]]></arg>
</required>
<optional>
</optional>
</help>
</cmd>
<cmd name="edit">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[edits index on this server]]></title>
<required>
<arg name="name"><![CDATA[name of index]]></arg>
</required>
<optional>
</optional>
</help>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<uri><![CDATA[/data/indexes/{name}/enable/]]></uri>
<help>
<title><![CDATA[enables writing to an index]]></title>
<required>
<arg name="name"><![CDATA[name of index]]></arg>
</required>
<optional>
</optional>
</help>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<uri><![CDATA[/data/indexes/{name}/disable/]]></uri>
<help>
<title><![CDATA[disables writing to an index]]></title>
<required>
<arg name="name"><![CDATA[name of index]]></arg>
</required>
<optional>
</optional>
</help>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[removes an index]]></title>
<required>
<arg name="name"><![CDATA[name of index]]></arg>
</required>
<optional>
</optional>
</help>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/indexes/_reload]]></uri>
<help>
<title><![CDATA[reloads index configuration, making immediately effective all
"add/edit/enable/disable index" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
<post_only/>
</cmd>
</item>
<!-- enable|disable Workload-Management -->
<item obj="workload-management">
<cmd name="enable">
<uri><![CDATA[/workloads/config/enable]]></uri>
<help>
<title><![CDATA[Enable Workload-Management on a Splunk Instance]]></title>
<examples>
<ex><![CDATA[./splunk enable workload-management]]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="disable">
<uri><![CDATA[/workloads/config/disable]]></uri>
<help>
<title><![CDATA[Disable Workload-Management on a Splunk Instance]]></title>
<examples>
<ex><![CDATA[./splunk disable workload-management]]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<item obj="workload-config">
<cmd name="get-base-dirname">
<uri><![CDATA[/workloads/config/get-base-dirname]]></uri>
<help>
<title><![CDATA[get the base dir name for splunk workload pools]]></title>
<syntax><![CDATA[get-base-dirname workload-config]]></syntax>
</help>
<default>
<arg name="count" value="-1" />
</default>
<type>list</type>
</cmd>
<cmd name="set-base-dirname">
<uri><![CDATA[/workloads/config/set-base-dirname]]></uri>
<help>
<title><![CDATA[set the base dir name for splunk workload pools]]></title>
<syntax><![CDATA[set-base-dirname workload-config -workload_pool_base_dir_name <value>]]></syntax>
<required>
<arg name="workload_pool_base_dir_name"><![CDATA[the name of the base directory for splunk workload pools]]></arg>
</required>
</help>
<type>edit</type>
<post_only/>
</cmd>
<!-- check workload-management-preflight-checks -->
<cmd name="check">
<uri><![CDATA[/workloads/config/preflight-checks]]></uri>
<help>
<title><![CDATA[Preflight checks of workload management.]]></title>
<syntax><![CDATA[check workload-config]]></syntax>
<required/>
<examples>
<ex><![CDATA['./splunk check workload-config']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- edit|list workload-category -->
<item obj="workload-category">
<common>
<help>
<header><![CDATA[An object used to specify and modify workload category]]></header>
</help>
<uri><![CDATA[/workloads/categories/]]></uri>
<argsmap>
<arg cliname="category" eainame="name" />
</argsmap>
</common>
<cmd name="edit">
<implied_arg_name><![CDATA[category]]></implied_arg_name>
<help>
<title><![CDATA[edits a workload-category]]></title>
<syntax><![CDATA[edit workload-category <_name> [-parameter <value>] ...]]></syntax>
<required>
<arg name="category"><![CDATA[the workload-category to edit]]></arg>
</required>
<optional>
<arg name="cpu_weight"><![CDATA[The cpu weight to be used for this category]]></arg>
<arg name="mem_weight"><![CDATA[The memory weight to be used for this category]]></arg>
</optional>
</help>
<eai_id>{category}</eai_id>
<examples>
<ex><![CDATA[./splunk edit workload-category search -cpu_weight 40 -mem_weight 40]]></ex>
</examples>
</cmd>
<cmd name="list">
<help>
<title><![CDATA[list all workload-category]]></title>
<syntax><![CDATA[list workload-category]]></syntax>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- add|remove|edit|list workload-pool -->
<item obj="workload-pool">
<common>
<help>
<header><![CDATA[An object used to specify and modify workload pools]]></header>
</help>
<uri><![CDATA[/workloads/pools/]]></uri>
<argsmap>
<arg cliname="pool_name" eainame="name" />
</argsmap>
</common>
<cmd name="add">
<implied_arg_name><![CDATA[pool_name]]></implied_arg_name>
<help>
<title><![CDATA[adds a workload-pool]]></title>
<syntax><![CDATA[add workload-pool <pool_name> [-parameter <value>] ...]]></syntax>
<required>
<arg name="pool_name"><![CDATA[the name of the workload-pool to create]]></arg>
<arg name="cpu_weight"><![CDATA[The cpu weight to be used for this pool]]></arg>
<arg name="mem_weight"><![CDATA[The memory weight to be used for this pool]]></arg>
<arg name="category"><![CDATA[The memory weight to be used for this pool]]></arg>
</required>
<optional>
<arg name="default_category_pool"><![CDATA[Mark this pool as the default category pool]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk add workload-pool pool_a -category search -cpu_weight 30 -mem_weight 20]]></ex>
</examples>
</help>
</cmd>
<cmd name="remove">
<implied_arg_name><![CDATA[pool_name]]></implied_arg_name>
<help>
<title><![CDATA[removes a workload-pool]]></title>
<syntax><![CDATA[remove workload-pool <pool_name>]]></syntax>
<required>
<arg name="pool_name"><![CDATA[the name of the workload-pool to remove]]></arg>
</required>
</help>
<eai_id>{pool_name}</eai_id>
</cmd>
<cmd name="edit">
<implied_arg_name><![CDATA[pool_name]]></implied_arg_name>
<help>
<title><![CDATA[edits a workload-pool]]></title>
<syntax><![CDATA[edit workload-pool <pool_name> [-parameter <value>] ...]]></syntax>
<required>
<arg name="pool_name"><![CDATA[the name of the workload-pool to edit]]></arg>
</required>
<optional>
<arg name="cpu_weight"><![CDATA[The cpu weight to be used for this pool]]></arg>
<arg name="mem_weight"><![CDATA[The memory weight to be used for this pool]]></arg>
<arg name="default_category_pool"><![CDATA[Mark this pool as the default category pool]]></arg>
</optional>
</help>
<eai_id>{pool_name}</eai_id>
<examples>
<ex><![CDATA[./splunk edit workload-pool pool_a -cpu_weight 40]]></ex>
</examples>
</cmd>
<cmd name="list">
<help>
<title><![CDATA[list all workload-pool]]></title>
<syntax><![CDATA[list workload-pool]]></syntax>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- add|remove|edit|list|enable|disable workload-rule -->
<item obj="workload-rule">
<common>
<help>
<header><![CDATA[An object used to specify and modify workload rules]]></header>
</help>
<uri><![CDATA[/workloads/rules/]]></uri>
<argsmap>
<arg cliname="rule_name" eainame="name" />
</argsmap>
</common>
<cmd name="add">
<implied_arg_name><![CDATA[rule_name]]></implied_arg_name>
<help>
<title><![CDATA[adds a workload-rule]]></title>
<syntax><![CDATA[add workload-rule <rule_name> [-parameter <value>] ...]]></syntax>
<required>
<arg name="rule_name"><![CDATA[the name of the workload-rule to create]]></arg>
<arg name="predicate"><![CDATA[the logical expression of workload-rule with predicate as <type>=<value>. eg: role=admin, app=search AND (NOT index=_internal), runtime>10. Possible values of type are: app, role, user, index, runtime, search_type, search_mode, search_time_range]]></arg>
</required>
<optional>
<arg name="workload_pool"><![CDATA[the name of the workload-pool to associate the rule with, the workload-pool must be defined earlier]]></arg>
<arg name="action"><![CDATA[the monitoring action to perform. Possible values of type are: abort, move, alert]]></arg>
<arg name="schedule"><![CDATA[the schedule of the workload-rule. Possible values are: always_on, time_range, every_day, every_week, every_month]]></arg>
<arg name="start_date"><![CDATA[the start date of the validation period]]></arg>
<arg name="start_time"><![CDATA[the start time of the validation period]]></arg>
<arg name="end_date"><![CDATA[the end date of the validation period]]></arg>
<arg name="end_time"><![CDATA[the end time of the validation period]]></arg>
<arg name="every_week_days"><![CDATA[the recurring days in a week]]></arg>
<arg name="every_month_days"><![CDATA[the recurring days in a month]]></arg>
<arg name="user_message"><![CDATA[the message shown in the search job inspector if the rule is applied to a search]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk add workload-rule "my_role_rule" -predicate "role=admin OR app=search" -workload_pool "pool_a" -schedule "always_on"]]></ex>
<ex><![CDATA[./splunk add workload-rule "my_role_rule" -predicate "runtime>20" -action abort -schedule "every_week" -start_time "10:00" -end_time "15:00" -every_week_days "0,4,6" -user_message "The search is aborted due to long runtime"]]></ex>
</examples>
</help>
</cmd>
<cmd name="remove">
<implied_arg_name><![CDATA[rule_name]]></implied_arg_name>
<help>
<title><![CDATA[removes a workload-rule]]></title>
<syntax><![CDATA[remove workload-rule <rule_name> [-parameter <value>]]]></syntax>
<required>
<arg name="rule_name"><![CDATA[the name of the workload-rule to remove]]></arg>
</required>
<optional>
<arg name="workload_rule_type"><![CDATA[the type of the workload-rule to remove]]></arg>
</optional>
</help>
<eai_id>{rule_name}</eai_id>
</cmd>
<cmd name="edit">
<implied_arg_name><![CDATA[rule_name]]></implied_arg_name>
<help>
<title><![CDATA[edits a workload-rule]]></title>
<syntax><![CDATA[edit workload-rule <rule_name> [-parameter <value>] ...]]></syntax>
<required>
<arg name="rule_name"><![CDATA[the name of the workload-rule to edit]]></arg>
</required>
<optional>
<arg name="predicate"><![CDATA[the workload-rule in type=key format eg: app=search, role=admin. Possible values of type are: app, role, user, index, runtime, search_type, search_mode, search_time_range]]></arg>
<arg name="workload_pool"><![CDATA[the name of the workload-pool to associate the rule with]]></arg>
<arg name="order"><![CDATA[the order of the workload-rule within the total set of rules]]></arg>
<arg name="action"><![CDATA[the monitoring action to perform. Possible values of type are: abort, move, alert]]></arg>
<arg name="schedule"><![CDATA[the schedule of the workload-rule. Possible values are: always_on, time_range, every_day, every_week, every_month]]></arg>
<arg name="start_date"><![CDATA[the start date of the validation period]]></arg>
<arg name="start_time"><![CDATA[the start time of the validation period]]></arg>
<arg name="end_date"><![CDATA[the end date of the validation period]]></arg>
<arg name="end_time"><![CDATA[the end time of the validation period]]></arg>
<arg name="every_week_days"><![CDATA[the recurring days in a week]]></arg>
<arg name="every_month_days"><![CDATA[the recurring days in a month]]></arg>
<arg name="user_message"><![CDATA[the message shown in the search job inspector if the rule is applied to a search]]></arg>
<arg name="workload_rule_type"><![CDATA[the type of the workload-rule to edit]]></arg>
</optional>
</help>
<eai_id>{rule_name}</eai_id>
<examples>
<ex><![CDATA[./splunk edit workload-rule my_role_rule -workload_pool pool_b]]></ex>
</examples>
</cmd>
<cmd name="list">
<help>
<title><![CDATA[list all workload-rule]]></title>
<syntax><![CDATA[list workload-rule [-parameter <value>]]]></syntax>
<optional>
<arg name="workload_rule_type"><![CDATA[the type of the workload-rule to list]]></arg>
</optional>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<implied_arg_name><![CDATA[rule_name]]></implied_arg_name>
<uri><![CDATA[/workloads/rules/{rule_name}/enable/]]></uri>
<help>
<title><![CDATA[enables a workload-rule]]></title>
<required>
<arg name="rule_name"><![CDATA[name of workload-rule to enable]]></arg>
</required>
<optional>
<arg name="workload_rule_type"><![CDATA[type of the workload-rule to enable]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk enable workload-rule <rule_name>]]></ex>
<ex><![CDATA[./splunk enable workload-rule <rule_name> -workload_rule_type search_filter]]></ex>
</examples>
</help>
<type>edit</type>
<eai_id>{rule_name}</eai_id>
</cmd>
<cmd name="disable">
<implied_arg_name><![CDATA[rule_name]]></implied_arg_name>
<uri><![CDATA[/workloads/rules/{rule_name}/disable/]]></uri>
<help>
<title><![CDATA[disables a workload-rule]]></title>
<required>
<arg name="rule_name"><![CDATA[name of workload-rule to disable]]></arg>
</required>
<optional>
<arg name="workload_rule_type"><![CDATA[type of the workload-rule to enable]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk disable workload-rule <rule_name>]]></ex>
<ex><![CDATA[./splunk disable workload-rule <rule_name> -workload_rule_type search_filter]]></ex>
</examples>
</help>
<type>edit</type>
<eai_id>{rule_name}</eai_id>
</cmd>
</item>
<!-- show workload-management-status -->
<item obj="workload-management-status">
<cmd name="show">
<uri><![CDATA[/workloads/status]]></uri>
<help>
<title><![CDATA[View status of workload management.]]></title>
<syntax><![CDATA[show workload-management-status]]></syntax>
<required/>
<optional>
<arg name="--verbose"><![CDATA[get advanced information on the status of the workload management.]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk show workload-management-status']]></ex>
<ex><![CDATA['./splunk show workload-management-status --verbose']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<item obj="workload-policy">
<common>
<help>
<header><![CDATA[An object used to list and modify workload policy]]></header>
</help>
<uri><![CDATA[/workloads/policy/]]></uri>
</common>
<cmd name="list">
<help>
<title><![CDATA[list workload policy configurations]]></title>
<syntax><![CDATA[list workload-policy]]></syntax>
</help>
<default>
<arg name="count" value="-1" />
</default>
<type>list</type>
</cmd>
</item>
<item obj="search-admission-control">
<common>
<help>
<header><![CDATA[An object used to configure search admission control]]></header>
</help>
<uri><![CDATA[/workloads/policy/search_admission_control]]></uri>
</common>
<cmd name="edit">
<help>
<title><![CDATA[Edit property under search admission control]]></title>
<syntax><![CDATA[edit search-admission-control [-parameter <value>] ...]]></syntax>
<optional>
<arg name="admission_rules_enabled"><![CDATA[whether to enable admission rules, possible values are true|false, or 1|0]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk edit search-admission-control -admission_rules_enabled 1]]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- list cascade-plans -->
<item obj="cascade-plans">
<cmd name="list">
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<uri><![CDATA[/replication/cascading/plans]]></uri>
<eai_id>{name}</eai_id>
<default>
<arg name="name" value="" />
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List available cascading replication plans]]></title>
<syntax><![CDATA[list cascade-plans [plan_id]]]></syntax>
<required/>
<optional>
<arg name="name"><![CDATA[The plan id of the cascading plan]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk list cascade-plans]]></ex>
<ex><![CDATA[./splunk list cascade-plans 9ADCF249-3130-4976-B89D-A6CD6B86426F]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- show cascade-plan-status -->
<item obj="cascade-plan-status">
<cmd name="show">
<implied_arg_name><![CDATA[plan_id]]></implied_arg_name>
<uri><![CDATA[/replication/cascading/plans/{plan_id}/status]]></uri>
<help>
<title><![CDATA[View status of cascading plan]]></title>
<required>
<arg name="plan_id"><![CDATA[The plan id of the cascading plan]]></arg>
</required>
<syntax><![CDATA[show cascade-plan-status <plan_id>]]></syntax>
<examples>
<ex><![CDATA['./splunk show cascade-plan-status 9ADCF249-3130-4976-B89D-A6CD6B86426F']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- show bundle-replication-status -->
<item obj="bundle-replication-status">
<cmd name="show">
<uri><![CDATA[/search/distributed/bundle/replication/cycles]]></uri>
<help>
<title><![CDATA[View status of knowledge bundle replication]]></title>
<syntax><![CDATA[show bundle-replication-status]]></syntax>
<required/>
<examples>
<ex><![CDATA['./splunk show bundle-replication-status']]></ex>
</examples>
</help>
<default>
<arg name="latest" value="true" />
</default>
<type>list</type>
</cmd>
</item>
<!-- show bundle-replication-config -->
<item obj="bundle-replication-config">
<cmd name="show">
<uri><![CDATA[/search/distributed/bundle/replication/config]]></uri>
<help>
<title><![CDATA[View configuration of knowledge bundle replication]]></title>
<syntax><![CDATA[show bundle-replication-config]]></syntax>
<required/>
<examples>
<ex><![CDATA['./splunk show bundle-replication-config']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- show remote-output-queue-config -->
<item obj="remote-output-queue-config">
<cmd name="show">
<uri><![CDATA[/remote/queue/output/config]]></uri>
<help>
<title><![CDATA[View configuration of remote output queue]]></title>
<syntax><![CDATA[show remote-output-queue-config]]></syntax>
<required/>
<examples>
<ex><![CDATA['./splunk show remote-output-queue-config']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- show remote-output-queue-status -->
<item obj="remote-output-queue-status">
<cmd name="show">
<uri><![CDATA[/remote/queue/output/status]]></uri>
<help>
<title><![CDATA[View status of remote output queue]]></title>
<syntax><![CDATA[show remote-output-queue-status]]></syntax>
<required/>
<examples>
<ex><![CDATA['./splunk show remote-output-queue-status']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- show remote-input-queue-config -->
<item obj="remote-input-queue-config">
<cmd name="show">
<uri><![CDATA[/remote/queue/input/config]]></uri>
<help>
<title><![CDATA[View configuration of remote input queue]]></title>
<syntax><![CDATA[show remote-input-queue-config]]></syntax>
<required/>
<examples>
<ex><![CDATA['./splunk show remote-input-queue-config']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- show remote-input-queue-status -->
<item obj="remote-input-queue-status">
<cmd name="show">
<uri><![CDATA[/remote/queue/input/status]]></uri>
<help>
<title><![CDATA[View status of remote input queue]]></title>
<syntax><![CDATA[show remote-input-queue-status]]></syntax>
<required/>
<examples>
<ex><![CDATA['./splunk show remote-input-queue-status']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list health report status -->
<item obj="health">
<cmd name="show" synonym="list" />
<cmd name="list">
<help>
<title><![CDATA[show the health report status of the Splunk instance.]]></title>
<syntax><![CDATA[list health [-features <feature_names>]]]></syntax>
<optional>
<arg name="features"><![CDATA[Comma separated feature names to be listed]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk list health -features "BatchReader, TailReader"']]></ex>
</examples>
</help>
<uri><![CDATA[/server/health/splunkd/details]]></uri>
<type>list</type>
</cmd>
</item>
<!-- list|edit cluster-config -->
<item obj="cluster-config">
<common>
<help>
<header><![CDATA[Configure clustering]]></header>
<syntax><![CDATA[[list|edit] cluster-config]]></syntax>
</help>
<uri><![CDATA[/cluster/config]]></uri>
</common>
<cmd name="list">
<help>
<title><![CDATA[List current Clustering configuration]]></title>
<syntax><![CDATA[list cluster-config]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list cluster-config]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
<type>list</type>
</cmd>
<cmd name="edit">
<implied_arg_name><![CDATA[mode]]></implied_arg_name>
<uri><![CDATA[/cluster/config/config]]></uri>
<help>
<title><![CDATA[edit current clustering configuration]]></title>
<syntax><![CDATA[edit cluster-config -mode master|slave|searchhead -<parameter_name> <parameter_value>]]></syntax>
<required>
<arg name="mode"><![CDATA[master|slave|searchhead]]></arg>
</required>
<optional>
<arg name="cxn_timeout"><![CDATA[connection timeout]]></arg>
<arg name="send_timeout"><![CDATA[send timeout]]></arg>
<arg name="rcv_timeout"><![CDATA[recieve timeout]]></arg>
<arg name="rep_cxn_timeout"><![CDATA[replication connection timeout]]></arg>
<arg name="rep_send_timeout"><![CDATA[replication send timeout]]></arg>
<arg name="rep_rcv_timeout"><![CDATA[replication receive timeout]]></arg>
<arg name="rep_max_send_timeout"><![CDATA[maximum replication send timeout]]></arg>
<arg name="rep_max_rcv_timeout"><![CDATA[maximum replication receive timeout]]></arg>
<arg name="replication_factor"><![CDATA[sets the replication factor]]></arg>
<arg name="search_factor"><![CDATA[sets the search factor]]></arg>
<arg name="heartbeat_timeout"><![CDATA[sets the hearbeat timeout]]></arg>
<arg name="restart_timeout"><![CDATA[sets the time the master waits for peer to readd after restart]]></arg>
<arg name="master_uri"><![CDATA[sets the value of the master uri]]></arg>
<arg name="replication_port"><![CDATA[specify the replication port]]></arg>
<arg name="max_peer_build_load"><![CDATA[specify the max number of concurrent jobs to make bucket searchable]]></arg>
<arg name="max_peer_rep_load"><![CDATA[specify the max number of concurrent replications that peer can take part in as target]]></arg>
<arg name="max_nonhot_rep_kBps"><![CDATA[specify the max warm/cold/summary replication throughput(kb(bytes)/s) ]]></arg>
<arg name="secret"><![CDATA[sets the value of the secret key between master and slaves <br /> Caution: Passing login credentials on the CLI is a security risk.]]></arg>
<arg name="multisite"><![CDATA[used to turn on the multisite feature for this cluster]]></arg>
<arg name="site_replication_factor"><![CDATA[sets the replication factor for a multisite configuration. See examples for usage]]></arg>
<arg name="site_search_factor"><![CDATA[sets the search factor for a multisite configuration. See examples for usage]]></arg>
<arg name="site"><![CDATA[sets the site-id for slave/searchhead indexer.Valid values include site1 to site64]]></arg>
<arg name="available_sites"><![CDATA[sets the various sites that are recognised for this master.Valid values include site1 to site64]]></arg>
<arg name="forwarder_site_failover"><![CDATA[sets the mapping from primary site to failover site.Valid site values include site1 to site64]]></arg>
<arg name="use_batch_mask_changes"><![CDATA[specifies whether master should process mask changes for buckets in batch or individual mode]]></arg>
<arg name="cluster_label"><![CDATA[sets a label that is associated with the cluster]]></arg>
<arg name="summary_replication"><![CDATA[Turn on summary replication in the cluster.]]></arg>
<arg name="allowed_hbmiss_count"><![CDATA[Number of consecutive heartbeat misses this peer can tolerate before it performs a re-add to cluster master]]></arg>
<arg name="manual_detention"><![CDATA[Sets the peers in manual detention]]></arg>
<arg name="re_add_on_bucket_request_error"><![CDATA[specify whether slave should re-add itself to master if master returns an error for a bucket request.]]></arg>
<arg name="max_peers_to_download_bundle"><![CDATA[specifies maximum number of peers that can download newly available cluster master bundle.]]></arg>
<arg name="auto_rebalance_primaries"><![CDATA[specifies if the master should automatically rebalance bucket primaries on certain triggers.]]></arg>
<arg name="use_batch_remote_rep_changes"><![CDATA[specifies whether master should process bucket copy changes for buckets in batch or individual mode]]></arg>
<arg name="max_replication_errors"><![CDATA[specifies maximum replication errors from source to a specific target indexer]]></arg>
<arg name="target_wait_time"><![CDATA[specifies the time the master waits for target before it makes bucket serviceable]]></arg>
<arg name="remote_storage_upload_timeout"><![CDATA[specifies the time the target peer waits before it starts uploading the bucket in a remote storage enabled index]]></arg>
<arg name="remote_storage_retention_period"><![CDATA[specifies the period after which the master freezes the buckets on indexers]]></arg>
<arg name="executor_workers"><![CDATA[specifies the number of threads that can be used by the clustering thread pool]]></arg>
<arg name="generation_poll_interval"><![CDATA[specifies how often, in seconds, the search head polls the master for generation information]]></arg>
<arg name="service_jobs_msec"><![CDATA[specifies the max time, in milliseconds, the cluster master spends servicing finished jobs for each service call]]></arg>
<arg name="report_remote_storage_bucket_upload_to_targets"><![CDATA[specifies, for a remote storage enabled index, whether the source peer reports a successful bucket upload to target peers]]></arg>
<arg name="searchable_rebalance"><![CDATA[specifies whether searches can continue uninterrupted during data rebalancing]]></arg>
<arg name="rebalance_pipeline_batch_size"><![CDATA[specifies the maximum number of buckets for a batch entering the excess bucket removal phase of the rebalance pipeline]]></arg>
<arg name="rebalance_search_completion_timeout"><![CDATA[specifies the amount of time, in seconds, that the master waits for older generation searches on indexers to complete before removing any excess buckets]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk edit cluster-config -mode slave -replication_port 4535]]></ex>
<ex><![CDATA[./splunk edit cluster-config -mode slave -allowed_hbmiss_count 5]]></ex>
<ex><![CDATA[./splunk edit cluster-config -mode slave -manual_detention on|off|on_ports_enabled]]></ex>
<ex><![CDATA[./splunk edit cluster-config -mode master -peers <peer_guid1>,<peer_guid2> -manual_detention on|off|on_ports_enabled]]></ex>
<ex><![CDATA[./splunk edit cluster-config -mode master -secret foo]]></ex>
<ex><![CDATA[./splunk edit cluster-config -mode master -multisite true -auth admin:changeme]]></ex>
<ex><![CDATA[./splunk edit cluster-config -mode master -multisite true -site_replication_factor origin:2,site1:2,total:5 -site_search_factor origin:2,total:3 -site site1 -available_sites site1,site2 -auth admin:changeme -use_batch_mask_changes true]]></ex>
<ex><![CDATA[./splunk edit cluster-config -mode slave -master_uri https://server_name:port -secret foo]]></ex>
<ex><![CDATA[./splunk edit cluster-config -mode slave -site site2 ]]></ex>
</examples>
</help>
</cmd>
</item>
<!--add|edit|remove|list master-->
<item obj="master" synonym="cluster-master" />
<item obj="cluster-master">
<common>
<help>
<header><![CDATA[Changes the masters that a particular searchhead can search across. This command is only applicable to splunk instances configured as a clustering searchhead]]>
</header>
</help>
<uri><![CDATA[/cluster/searchhead/searchheadconfig]]></uri>
</common>
<cmd name="add">
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Adds another master to the list of instances a searchhead searches across]]></title>
<required>
<arg name="master_uri"><![CDATA[the value of the master uri]]></arg>
</required>
<optional>
<arg name="secret"><![CDATA[the secret/pass4SymmKey used for the master]]></arg>
<arg name="site"><![CDATA[the site-id for the searchhead for this master]]></arg>
<arg name="multisite"><![CDATA[used to turn on|off multisite for this master. Takes in values[true|false]]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk add cluster-master https://127.0.0.1:8089 -secret testsecret -multisite false']]></ex>
<ex><![CDATA['./splunk add cluster-master https://127.0.0.1:8089 -secret testsecret -multisite true -site site2']]></ex>
</examples>
</help>
<type>create</type>
</cmd>
<cmd name="edit">
<implied_arg_name><![CDATA[old_master_uri]]></implied_arg_name>
<help>
<title><![CDATA[Edit a master currently in the list of instances a searchhead searches across]]></title>
<required>
<arg name="master_uri"><![CDATA[the value of the master uri]]></arg>
</required>
<optional>
<arg name="secret"><![CDATA[the secret/pass4SymmKey used for the master]]></arg>
<arg name="site"><![CDATA[the site-id for the searchhead for this master]]></arg>
<arg name="multisite"><![CDATA[used to turn on|off the multisite feature for this master. Acceptable values are [true|false]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk edit cluster-master https://127.0.0.1:8089 -secret newtestsecret']]></ex>
<ex><![CDATA['./splunk edit cluster-master https://old_server_name:8089 -master_uri https://new_server_name:8089]]></ex>
<ex><![CDATA['./splunk edit cluster-master https://old_server_name:8089 -master_uri https://new_server_name:8089 -secret newsecret]]></ex>
</examples>
</help>
<eai_id>{old_master_uri}</eai_id>
<type>edit</type>
</cmd>
<cmd name="remove">
<implied_arg_name><![CDATA[master_uri]]></implied_arg_name>
<help>
<title><![CDATA[Remove a master from the list of instances a searchhead searches across]]></title>
<required>
<arg name="master_uri"><![CDATA[the value of the master uri]]></arg>
</required>
<optional>
<arg name="secret"><![CDATA[the secret/pass4SymmKey used for the master]]></arg>
<arg name="site"><![CDATA[the site-id for the searchhead for this master]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk remove cluster-master https://127.0.0.1:8089 -secret testsecret']]></ex>
<ex><![CDATA['./splunk remove cluster-master -master_uri https://127.0.0.1:8089 -secret testsecret']]></ex>
</examples>
</help>
<eai_id>{master_uri}</eai_id>
<type>remove</type>
</cmd>
<cmd name="list">
<help>
<title><![CDATA[Display a list of instances this searchhead can search across]]></title>
<examples>
<ex><![CDATA['./splunk list master']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- apply cluster-bundle -->
<item obj="cluster-bundle">
<common>
<help>
<header><![CDATA[Applies the new bundle at the slave and restarts them. After this is done, the status of bundles at the various peers,
Use 'splunk show cluster-bundle-status' to make it active. You can use the '--answer-yes' option to supress the restart warning.]]>
</header>
<syntax><![CDATA[apply cluster-bundle [--skip-validation] [--dry-run]]]></syntax>
</help>
</common>
<cmd name="apply">
<uri><![CDATA[/cluster/master/control/default/apply]]></uri>
<help>
<title><![CDATA[Make validated bundle active on peers. In order to check the status of the bundle at the peers, use 'show cluster-bundle-status' at the master.]]></title>
<optional>
<arg name="--skip-validation"><![CDATA[Pass this optional argument to skip bundle validation on the master and peers]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk apply cluster-bundle']]></ex>
<ex><![CDATA['./splunk apply cluster-bundle --skip-validation']]></ex>
<ex><![CDATA['./splunk apply cluster-bundle --answer-yes']]></ex>
<ex><![CDATA['./splunk apply cluster-bundle --skip-validation --answer-yes']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="validate">
<uri><![CDATA[/cluster/master/control/default/validate_bundle]]></uri>
<help>
<title><![CDATA[Validates the cluster bundle, and optionally checks whether applying the bundle will initiate a peer restart. To check the status of the bundle validation, run 'show cluster-bundle-status' on the master.]]></title>
<optional>
<arg name="--check-restart"><![CDATA[Pass this optional argument to check whether applying the bundle will initiate a peer restart.]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk validate cluster-bundle']]></ex>
<ex><![CDATA['./splunk validate cluster-bundle -auth admin:changeme']]></ex>
<ex><![CDATA['./splunk validate cluster-bundle --check-restart -auth admin:changeme']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="rollback">
<uri><![CDATA[/cluster/master/control/default/rollback]]></uri>
<help>
<title><![CDATA[Rolls back cluster bundle to previously active bundle. To check the status of the bundle at the peers, use 'show cluster-bundle-status at the master.]]></title>
<examples>
<ex><![CDATA['./splunk rollback cluster-bundle']]></ex>
<ex><![CDATA['./splunk rollback cluster-bundle -auth admin:changeme']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<item obj="cluster-data">
<common>
<help>
<header><![CDATA[Manage data in indexer cluster.]]></header>
<syntax><![CDATA[rebalance cluster-data -action start|stop|status]]></syntax>
</help>
</common>
<cmd name="rebalance">
<uri><![CDATA[/cluster/master/control/control/rebalance_buckets]]></uri>
<help>
<title><![CDATA[Perform data rebalance operations on an indexer cluster. Run this command from the master node.]]></title>
<required>
<arg name="action"><![CDATA[Specify the rebalance action to perform. Accepted values are: start|stop|status.]]></arg>
</required>
<optional>
<arg name="index"><![CDATA[Specify an index to rebalance. If no index is specified, the cluster rebalances all the indexes. Valid only for '-action start'.]]></arg>
<arg name="max_runtime"><![CDATA[Maximum time in minutes before the rebalance automatically stops. Valid only for '-action start'.]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk rebalance cluster-data -action start']]></ex>
<ex><![CDATA['./splunk rebalance cluster-data -action start -index indexName']]></ex>
<ex><![CDATA['./splunk rebalance cluster-data -action stop']]></ex>
<ex><![CDATA['./splunk rebalance cluster-data -action status']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- remove excess-buckets -->
<item obj="excess-buckets">
<common>
<help>
<header><![CDATA[Manage excess-buckets in the cluster]]></header>
<syntax><![CDATA[[list|remove] excess-buckets]]></syntax>
</help>
</common>
<cmd name="remove">
<implied_arg_name><![CDATA[index]]></implied_arg_name>
<uri><![CDATA[/cluster/master/control/default/prune_index]]></uri>
<help>
<title><![CDATA[Remove excess buckets in the cluster.]]></title>
<syntax><![CDATA[remove excess-buckets [index-name]]]></syntax>
<examples>
<ex><![CDATA['./splunk remove excess-buckets']]></ex>
<ex><![CDATA['./splunk remove excess-buckets main']]></ex>
</examples>
<optional>
<arg name="index"><![CDATA[index to remove excess-buckets]]></arg>
</optional>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="list">
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<uri><![CDATA[/cluster/master/indexes]]></uri>
<eai_id>{name}</eai_id>
<default>
<arg name="name" value="" />
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List excess buckets in the cluster.]]></title>
<syntax><![CDATA[list excess-buckets [index-name]]]></syntax>
<required/>
<optional>
<arg name="name"><![CDATA[index to list excess-buckets]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk list excess-buckets]]></ex>
<ex><![CDATA[./splunk list excess-buckets main]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- enable|disable|show maintenance-mode -->
<item obj="maintenance-mode">
<cmd name="enable">
<uri><![CDATA[/cluster/master/control/default/maintenance]]></uri>
<default>
<arg name="mode" value="true" />
</default>
<help>
<title><![CDATA[Sets the maintenance mode on peers in clustering. Must be invoked at the master. ]]></title>
<examples>
<ex><![CDATA['./splunk enable maintenance-mode']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="disable">
<uri><![CDATA[/cluster/master/control/default/maintenance]]></uri>
<default>
<arg name="mode" value="false" />
</default>
<help>
<title><![CDATA[Disables the maintaince mode on peers in clustering. Must be invoked at the master. ]]></title>
<examples>
<ex><![CDATA['./splunk disable maintenance-mode']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="show">
<uri><![CDATA[/cluster/master/info]]></uri>
<help>
<title><![CDATA[Displays if the maintaince mode is set on the master in clustering. Must be invoked at the master. ]]></title>
<examples>
<ex><![CDATA['./splunk show maintenance-mode']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<item obj="cluster-bundle-status">
<cmd name="show">
<help>
<title><![CDATA[View status of 'apply cluster-bundle' command.]]></title>
<syntax><![CDATA[show cluster-bundle-status]]></syntax>
<required/>
<optional>
<arg name="--verbose"><![CDATA[get more information on the bundle status of the cluster]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk show cluster-bundle-status']]></ex>
<ex><![CDATA['./splunk show cluster-bundle-status --verbose']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- show cluster-status -->
<item obj="cluster-status">
<cmd name="show">
<help>
<title><![CDATA[View status of the cluster. Verbose mode adds health check for rolling upgrade among other things.
Health Check:
pre_flight_check_successful succeeds if all the checks below pass
replication_factor_met there must be rf copies of data in the cluster
search_factor_met there must be sf copies of data in the cluster
all_data_is_searchable all data must be searchable
all_peers_are_up all peers must be up
cm_version_is_compatible cm version must > than the peers and <= 4 minor versions away if on the same major version
no_fixup_tasks_in_progress there must be no fixups tasks in progress
splunk_version_peer_count lists the number of peers on each version in the cluster
More information in the online documentation for the corresponding REST endpoint: http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTcluster#cluster.2Fmaster.2Fhealth]]></title>
<syntax><![CDATA[show cluster-status]]></syntax>
<required/>
<optional>
<arg name="--verbose"><![CDATA[get more information on the status of the cluster]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk show cluster-status']]></ex>
<ex><![CDATA['./splunk show cluster-status --verbose']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- rolling-restart|list cluster-peers -->
<item obj="cluster-peers">
<cmd name="list">
<uri><![CDATA[/cluster/master/peers]]></uri>
<default>
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List Cluster peers information]]></title>
<syntax><![CDATA[list cluster-peers]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list cluster-peers]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
<cmd name="rolling-restart">
<uri><![CDATA[/cluster/master/control/default/restart]]></uri>
<help>
<title><![CDATA[Initiate a phased restart of the nodes in an indexer cluster.]]></title>
<syntax><![CDATA[rolling-restart cluster-peers]]></syntax>
<required/>
<optional>
<arg name="restart_inactivity_timeout"><![CDATA[The amount of time, in seconds, that the master waits for a peer to restart and rejoin the cluster before it considers the restart a failure and proceeds to restart other peers. Valid when searchable=true (default=600).]]></arg>
<arg name="backup_and_restore_primaries"><![CDATA[ Determines whether the master performs a backup/restore of bucket primary masks. If set to true, restoration of primaries occurs automatically when the peers rejoin the cluster after a scheduled restart or upgrade (true|false, default=false).]]></arg>
<arg name="decommission_force_timeout"><![CDATA[The amount of time, in seconds, the cluster master will wait for a peer in primary decommission status to finish primary reassignment and restart. Valid when searchable=true (default=180).]]></arg>
<arg name="force"><![CDATA[Perform a searchable rolling restart, but override the health check and enforce 'decommission_force_timeout' and 'restart_inactivity_timeout'. Valid when searchable=true (true|false, default=false).]]></arg>
<arg name="searchable"><![CDATA[Restart peers with minimal search disruption (true|false, default=false).]]></arg>
<arg name="site-by-site"><![CDATA[If true, restart peers on a per-site basis, waiting for all peers in the current site to restart before moving to the next one. If false, restart randomly selected peers (capped via percent_peers_to_restart) from all peers across all sites (true|false, default: true for multisite cluster, false otherwise).]]></arg>
<arg name="site-order"><![CDATA[The order in which sites in a multisite cluster will be restarted (default: all sites, chosen randomly).]]></arg>
</optional>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="upgrade-init">
<uri><![CDATA[/cluster/master/control/default/rolling_upgrade_init]]></uri>
<help>
<title><![CDATA[Initiate the upgrade state in an indexer cluster.]]></title>
<syntax><![CDATA[upgrade-init cluster-peers]]></syntax>
<required/>
<optional/>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="upgrade-finalize">
<uri><![CDATA[/cluster/master/control/default/rolling_upgrade_finalize]]></uri>
<help>
<title><![CDATA[Finalize the upgrade state in an indexer cluster.]]></title>
<syntax><![CDATA[upgrade-finalize cluster-peers]]></syntax>
<required/>
<optional/>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="remove">
<uri><![CDATA[/cluster/master/control/default/remove_peers]]></uri>
<help>
<title><![CDATA[Remove downed peers from the cluster master.]]></title>
<syntax><![CDATA[remove cluster-peers peers [-parameter <value>] ...]]></syntax>
<examples>
<ex><![CDATA['./splunk remove cluster-peers -peers GUID']]></ex>
<ex><![CDATA['./splunk remove cluster-peers -peers GUID1,GUID2,GUID3']]></ex>
</examples>
<required>
<arg name="peers"><![CDATA[Comma separated guids of the peers to be removed]]></arg>
</required>
</help>
<type>edit</type>
</cmd>
</item>
<!-- remove cluster-search-heads -->
<item obj="cluster-search-heads">
<common>
<help>
<header><![CDATA[Manage excess-buckets in the cluster]]></header>
<syntax><![CDATA[[remove] cluster-search-heads]]></syntax>
</help>
</common>
<cmd name="remove">
<implied_arg_name><![CDATA[guids]]></implied_arg_name>
<uri><![CDATA[/cluster/master/control/default/remove_search_heads]]></uri>
<help>
<title><![CDATA[Remove downed search heads from the cluster master.]]></title>
<syntax><![CDATA[remove-search-heads cluster-peers -guids <guid>[,...] [-parameter <value>] ...]]></syntax>
<examples>
<ex><![CDATA['./splunk remove-search-heads cluster-peers -guids GUID']]></ex>
<ex><![CDATA['./splunk remove-search-heads cluster-peers -guids GUID1,GUID2,GUID3']]></ex>
</examples>
<required>
<arg name="guids"><![CDATA[Comma separated guids of the search heads to be removed]]></arg>
</required>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- set indexing-ready -->
<item obj="indexing-ready">
<cmd name="set">
<uri><![CDATA[/cluster/master/control/default/set_indexing_ready]]></uri>
<help>
<title><![CDATA[Set the force indexing ready bit.]]></title>
<syntax><![CDATA[set indexing-ready]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk set indexing-ready]]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- list master-info -->
<item obj="master-info">
<cmd name="list">
<uri><![CDATA[/cluster/master/info]]></uri>
<help>
<title><![CDATA[List Cluster Master information]]></title>
<syntax><![CDATA[list master-info]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list master-info]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list cluster-generation -->
<item obj="cluster-generation">
<cmd name="list">
<uri><![CDATA[/cluster/master/generation]]></uri>
<help>
<title><![CDATA[List the Cluster Master generation]]></title>
<syntax><![CDATA[list cluster-generation]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list cluster-generation]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list cluster-buckets -->
<item obj="cluster-buckets">
<cmd name="list">
<uri><![CDATA[/cluster/master/buckets]]></uri>
<default>
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List Cluster buckets information]]></title>
<syntax><![CDATA[list cluster-buckets]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list cluster-buckets]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list peer-info -->
<item obj="peer-info">
<cmd name="list">
<uri><![CDATA[/cluster/slave/info]]></uri>
<help>
<title><![CDATA[List Cluster Slave or Peer information]]></title>
<syntax><![CDATA[list peer-info]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list peer-info]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list peer-buckets -->
<item obj="peer-buckets">
<cmd name="list">
<uri><![CDATA[/cluster/slave/buckets]]></uri>
<default>
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List Cluster Slave bucket information]]></title>
<syntax><![CDATA[list peer-buckets]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list peer-buckets]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- bootstrap|transfer shcluster-captain -->
<item obj="shcluster-captain">
<common>
<help>
<header><![CDATA[Commands for bootstrapping and captaincy changes in searchhead cluster]]></header>
<syntax><![CDATA[[bootstrap|transfer] shcluster-captain]]></syntax>
</help>
</common>
<cmd name="bootstrap">
<uri><![CDATA[/shcluster/member/consensus/default/bootstrap]]></uri>
<help>
<title><![CDATA[ Bootstrap this node as the captain.]]></title>
<examples>
<ex><![CDATA['./splunk bootstrap shcluster-captain -servers_list 'uri1, uri2, uri3']]></ex>
</examples>
<optional>
<arg name="servers_list"><![CDATA[Specify the management uris of the members in the cluster.]]></arg>
<arg name="validation_timeout"><![CDATA[Specify the maximum allowable time, in seconds, for completion of pre-bootstrap validations. Default: 60]]></arg>
</optional>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="transfer">
<uri><![CDATA[/shcluster/member/consensus/default/transfer_captaincy]]></uri>
<help>
<title><![CDATA[ Transfer captaincy to a node from current captain.]]></title>
<examples>
<ex><![CDATA['./splunk transfer shcluster-captain -mgmt_uri new_captain_mgmt_uri]]></ex>
</examples>
<required>
<arg name="mgmt_uri"><![CDATA[Specify the managment uri of the node to be made captain.]]></arg>
</required>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<item obj="shcluster-scheduler-cache">
<cmd name="clear">
<uri><![CDATA[/shcluster/captain/jobs/dummy/clear_scheduler_cache]]></uri>
<type>edit</type>
</cmd>
</item>
<item obj="shcluster-common-encrypt">
<cmd name="edit">
<uri><![CDATA[/shcluster/member/control/control/reencrypt]]></uri>
<help>
<title><![CDATA[ Recrypt the field with shcluster common encryption key.]]></title>
<examples>
<ex><![CDATA['./splunk edit shcluster-common-encrypt -username admin -app search -config app -prefix credential:: -key password ]]></ex>
</examples>
<required>
<arg name="config"><![CDATA[Name of the Conf file eg: server for server.conf.]]></arg>
<arg name="prefix"><![CDATA[Prefix for the stanza where the key for re-encryption is found.]]></arg>
<arg name="key"><![CDATA[The key whose value has to be re-encrypted with common secret.]]></arg>
</required>
<optional>
<arg name="username"><![CDATA[Username if available.]]></arg>
<arg name="app"><![CDATA[The app for which you have to change the key.]]></arg>
</optional>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<item obj="shcluster-bundle">
<cmd name="apply">
<uri><![CDATA[/apps/deploy]]></uri>
<default>
<arg name="action" value="all" />
<arg name="advertising" value="true" />
</default>
<help>
<title><![CDATA[ Deploy the bundle to all the members in the search head cluster and restart them as needed.]]></title>
<examples>
<ex><![CDATA['./splunk apply shcluster-bundle -target https://member_name:port]]></ex>
</examples>
<required>
<arg name="target"><![CDATA[Specify the uri of one member in the cluster.]]></arg>
</required>
<optional>
<arg name="action"><![CDATA[One of the following: restart, stage or send. If "stage" is specified, the bundle is staged on the deployer but not sent. If "send" is specified, a staged bundle is sent but the cluster members are not restarted even if the configuration pushed requires it. If "restart" is specified, cluster members are restarted as needed.]]></arg>
<arg name="force"><![CDATA[Allow an empty bundle push to clear all deployed apps in the search head cluster. WARNING: using this option with an empty shcluster directory will delete all apps previously deployed to the search head cluster; use with extreme caution!]]></arg>
</optional>
</help>
<type>edit</type>
</cmd>
<cmd name="list">
<uri><![CDATA[/apps/deploy]]></uri>
<default>
<arg name="action" value="list-bundle-status" />
</default>
<help>
<title><![CDATA[ list the status of app bundles in a search head cluster deployer.]]></title>
<examples>
<ex><![CDATA['./splunk list shcluster-bundle -member_uri https://member_name:port]]></ex>
</examples>
<required/>
<optional>
<arg name="member_uri"><![CDATA[Specify the uri of one member in the search head cluster.]]></arg>
</optional>
</help>
<type>list</type>
</cmd>
</item>
<!-- list|edit shcluster-config -->
<item obj="shcluster-config">
<common>
<help>
<header><![CDATA[Configure shclustering]]></header>
<syntax><![CDATA[[init|disable|list|edit] shcluster-config]]></syntax>
</help>
<uri><![CDATA[/shcluster/config]]></uri>
</common>
<cmd name="init">
<uri><![CDATA[/shcluster/config/config]]></uri>
<default>
<arg name="disabled" value="false" />
</default>
<help>
<title><![CDATA[Initializes shclustering on this node
after which the node waits for the first captain to be
bootstrapped. ]]></title>
<required>
<arg name="replication_port"><![CDATA[specify the replication port]]></arg>
<arg name="mgmt_uri"><![CDATA[Specify the managment uri of this node.]]></arg>
</required>
<optional>
<arg name="secret"><![CDATA[Sets the value of the pass4SymmKey used between captain and members]]></arg>
<arg name="conf_deploy_fetch_url"><![CDATA[Sets the uri from which a cluster member fetches its baseline configuration.]]></arg>
<arg name="cxn_timeout"><![CDATA[connection timeout]]></arg>
<arg name="send_timeout"><![CDATA[send timeout]]></arg>
<arg name="rcv_timeout"><![CDATA[recieve timeout]]></arg>
<arg name="rep_cxn_timeout"><![CDATA[replication connection timeout]]></arg>
<arg name="rep_send_timeout"><![CDATA[replication send timeout]]></arg>
<arg name="rep_rcv_timeout"><![CDATA[replication receive timeout]]></arg>
<arg name="replication_factor"><![CDATA[sets the replication factor]]></arg>
<arg name="heartbeat_timeout"><![CDATA[sets the hearbeat timeout]]></arg>
<arg name="restart_timeout"><![CDATA[sets the time the master waits for peer to readd after restart]]></arg>
<arg name="max_peer_build_load"><![CDATA[specify the max number of concurrent jobs to make bucket searchable]]></arg>
<arg name="max_peer_rep_load"><![CDATA[specify the max number of concurrent replications that peer can take part in as target]]></arg>
<arg name="raft_election_timeout_ms"><![CDATA[Sets the value of election timeout used by the raft protocol.]]></arg>
<arg name="shcluster_label"><![CDATA[Sets the searchhead cluster label]]></arg>
<arg name="dispatching_mode"><![CDATA[Sets the dispatching mode in search head cluster]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk init shcluster-config -mgmt_uri https://hostname.com:1234 -replication_port 1345 -secret foo]]></ex>
</examples>
</help>
<type>edit</type>
</cmd>
<cmd name="disable">
<uri><![CDATA[/shcluster/config/config]]></uri>
<default>
<arg name="disabled" value="true" />
</default>
<help>
<title><![CDATA[Disables shclustering on this node. ]]></title>
<examples>
<ex><![CDATA['./splunk disable shcluster-config]]></ex>
</examples>
</help>
<type>edit</type>
</cmd>
<cmd name="list">
<help>
<title><![CDATA[List current SEARCH HEAD CLUSTER configuration]]></title>
<syntax><![CDATA[list shcluster-config]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list shcluster-config]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
<type>list</type>
</cmd>
<cmd name="edit">
<implied_arg_name><![CDATA[mode]]></implied_arg_name>
<uri><![CDATA[/shcluster/config/config]]></uri>
<help>
<title><![CDATA[edit current shclustering configuration on a bootstrapped node.]]></title>
<syntax><![CDATA[edit shcluster-config -<parameter_name> <parameter_value>]]></syntax>
<optional>
<arg name="cxn_timeout"><![CDATA[connection timeout]]></arg>
<arg name="send_timeout"><![CDATA[send timeout]]></arg>
<arg name="rcv_timeout"><![CDATA[recieve timeout]]></arg>
<arg name="rep_cxn_timeout"><![CDATA[replication connection timeout]]></arg>
<arg name="rep_send_timeout"><![CDATA[replication send timeout]]></arg>
<arg name="rep_rcv_timeout"><![CDATA[replication receive timeout]]></arg>
<arg name="replication_factor"><![CDATA[sets the replication factor]]></arg>
<arg name="heartbeat_timeout"><![CDATA[sets the hearbeat timeout]]></arg>
<arg name="restart_timeout"><![CDATA[sets the time the master waits for peer to readd after restart]]></arg>
<arg name="replication_port"><![CDATA[specify the replication port]]></arg>
<arg name="max_peer_build_load"><![CDATA[specify the max number of concurrent jobs to make bucket searchable]]></arg>
<arg name="max_peer_rep_load"><![CDATA[specify the max number of concurrent replications that peer can take part in as target]]></arg>
<arg name="secret"><![CDATA[sets the value of the secret key between captain and members]]></arg>
<arg name="mgmt_uri"><![CDATA[Specify the managment uri of this node.]]></arg>
<arg name="raft_election_timeout_ms"><![CDATA[Sets the value of election timeout used by the raft protocol.]]></arg>
<arg name="conf_deploy_fetch_url"><![CDATA[Sets the uri from which a cluster member fetches its baseline configuration.]]></arg>
<arg name="manual_detention"><![CDATA[Sets the member in manual detention]]></arg>
<arg name="rolling_restart"><![CDATA[Sets the mode that search head cluster rolling restart runs in. Possible values are restart/searchable/searchable_force]]></arg>
<arg name="decommission_search_jobs_wait_secs"><![CDATA[Sets timeout of searchable rolling restart]]></arg>
<arg name="target_uri"><![CDATA[Specify the uri of search head to put in manual detention]]></arg>
<arg name="dispatching_mode"><![CDATA[Sets the dispatching mode in search head cluster]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk edit shcluster-config -replication_port 4535]]></ex>
<ex><![CDATA[./splunk edit shcluster-config -secret foo]]></ex>
<ex><![CDATA[./splunk edit shcluster-config -captain_uri https://server_name:port -secret foo]]></ex>
<ex><![CDATA[./splunk edit shcluster-config -target_uri https://server_name:port -manual_detention on]]></ex>
<ex><![CDATA[./splunk edit shcluster-config -rolling_restart searchable -decommission_search_jobs_wait_secs 180]]></ex>
</examples>
</help>
<type>edit</type>
</cmd>
</item>
<!-- enable|disable|show shcluster-maintenance-mode -->
<item obj="shcluster-maintenance-mode">
<cmd name="enable">
<uri><![CDATA[/shcluster/captain/control/default/maintenance]]></uri>
<default>
<arg name="mode" value="true" />
</default>
<help>
<title><![CDATA[Sets the maintenance mode on members in shclustering. Must be invoked at the captain. ]]></title>
<examples>
<ex><![CDATA['./splunk enable shcluster-maintenance-mode']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="disable">
<uri><![CDATA[/shcluster/captain/control/default/maintenance]]></uri>
<default>
<arg name="mode" value="false" />
</default>
<help>
<title><![CDATA[Disables the maintaince mode on peers in shclustering. Must be invoked at the master. ]]></title>
<examples>
<ex><![CDATA['./splunk disable shcluster-maintenance-mode']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="show">
<uri><![CDATA[/shcluster/captain/info]]></uri>
<help>
<title><![CDATA[Displays if the maintaince mode is set on the master in shclustering. Must be invoked at the master. ]]></title>
<examples>
<ex><![CDATA['./splunk show shcluster-maintenance-mode']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- show shcluster-status -->
<item obj="shcluster-status">
<cmd name="show">
<uri><![CDATA[/shcluster/status]]></uri>
<help>
<title><![CDATA[View status of the shcluster.]]></title>
<syntax><![CDATA[show shcluster-status]]></syntax>
<required/>
<optional>
<arg name="--verbose"><![CDATA[get advanced information on the status of the search head cluster.]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk show shcluster-status']]></ex>
<ex><![CDATA['./splunk show shcluster-status --verbose']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- We don't do the automatic GET to figure out owner/namespace for the shcluster-member object -->
<item obj="shcluster-member">
<common>
<help>
<header><![CDATA[Configure shclustering members]]></header>
<syntax><![CDATA[[add|remove] shcluster-member]]></syntax>
</help>
<uri><![CDATA[/shcluster/member/consensus/default]]></uri>
</common>
<cmd name="add">
<uri><![CDATA[/shcluster/member/consensus/default/add_server]]></uri>
<help>
<title><![CDATA[Add the specified node to a search head cluster. Search head clustering should already be enabled on that node. ]]></title>
<syntax><![CDATA[add shcluster-member]]></syntax>
<optional>
<arg name="current_member_uri"><![CDATA[Management uri of an existing member of the cluster that this node is to be come part of.
When this command is run on a current member, this is not required.
When this command is run on the new node, this is required so that the new node can talk to the cluster.]]></arg>
<arg name="new_member_uri"><![CDATA[Management uri of the new member to be added to the cluster.
This must be exactly the same as the mgmt_uri of the new node (as specified in server.conf).
When this command is run on a current member this is required to specify the node to add.
When this command is run directly on the new node, this is not required.]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk add shcluster-member -current_member_uri https://myserver:1234]]></ex>
<ex><![CDATA[./splunk add shcluster-member -new_member_uri https://myserver:1234]]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="remove">
<uri><![CDATA[/shcluster/member/consensus/default/remove_server]]></uri>
<help>
<title><![CDATA[Remove the specified member if run on the captain or, if run on a non-captain member, remove that member from the search head cluster.]]></title>
<syntax><![CDATA[remove shcluster-member]]></syntax>
<optional>
<arg name="mgmt_uri"><![CDATA[If run on the captain, this is the management uri of the member to be removed.]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk remove shcluster-member -mgmt_uri https://myserver:1234]]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- rolling-restart|list shcluster-members -->
<item obj="shcluster-members">
<cmd name="list">
<uri><![CDATA[/shcluster/member/members]]></uri>
<default>
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List SEARCH HEAD CLUSTER members information]]></title>
<syntax><![CDATA[list shcluster-members]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list shcluster-members]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
<cmd name="rolling-restart">
<uri><![CDATA[/shcluster/captain/control/default/restart]]></uri>
<help>
<title><![CDATA[Initiate a phased restart of the nodes in a search head cluster.]]></title>
<syntax><![CDATA[rolling-restart shcluster-members]]></syntax>
<required/>
<optional>
<arg name="status"><![CDATA[The status of the current rolling restart.]]></arg>
<arg name="searchable"><![CDATA[Maintain high search availability during rolling restart.]]></arg>
<arg name="decommission_search_jobs_wait_secs"><![CDATA[Maximum time in secs that searchable rolling restart waits for existing searches to finish.]]></arg>
<arg name="force"><![CDATA[Override healthcheck failures to continue searchable rolling restart.]]></arg>
</optional>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="upgrade-init">
<uri><![CDATA[/shcluster/captain/control/default/upgrade-init]]></uri>
<help>
<title><![CDATA[Initiate the upgrade state in a search head cluster.]]></title>
<syntax><![CDATA[upgrade-init shcluster-members]]></syntax>
<required/>
<optional/>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="upgrade-finalize">
<uri><![CDATA[/shcluster/captain/control/default/upgrade-finalize]]></uri>
<help>
<title><![CDATA[Finalize the upgrade state in a search head cluster.]]></title>
<syntax><![CDATA[upgrade-finalize shcluster-members]]></syntax>
<required/>
<optional/>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<item obj="shcluster-splunk-secret">
<cmd name="rotate">
<uri><![CDATA[/shcluster/captain/control/default/rotate-splunk-secret]]></uri>
<help>
<title><![CDATA[Generate a new search head cluster common splunk.secret (encryption key), and re-encrypt all configuration with the new key. CAUTION: this command causes the members to be re-added the search head cluster, and might cause scheduled searches to be unavailable until the process completes.]]></title>
<syntax><![CDATA[rotate shcluster-splunk-secret]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk rotate shcluster-splunk-secret]]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- set indexing-ready -->
<item obj="shcluster-indexing-ready">
<cmd name="set">
<uri><![CDATA[/shcluster/captain/control/default/set_indexing_ready]]></uri>
<help>
<title><![CDATA[Set the force indexing ready bit.]]></title>
<syntax><![CDATA[set shcluster-indexing-ready]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk set shcluster-indexing-ready]]></ex>
</examples>
</help>
<type>edit</type>
</cmd>
</item>
<!-- list shcluster-captain-info -->
<item obj="shcluster-captain-info">
<cmd name="list">
<uri><![CDATA[/shcluster/captain/info]]></uri>
<help>
<title><![CDATA[List SEARCH HEAD CLUSTER Captain information]]></title>
<syntax><![CDATA[list shcluster-captain-info]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list shcluster-captain-info]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list shcluster-artifacts -->
<item obj="shcluster-artifacts">
<cmd name="list">
<uri><![CDATA[/shcluster/captain/artifacts]]></uri>
<default>
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List SEARCH HEAD CLUSTER artifacts information]]></title>
<syntax><![CDATA[list shcluster-artifacts]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list shcluster-artifacts]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<item obj="shcluster-scheduler-jobs">
<cmd name="list">
<uri><![CDATA[/shcluster/captain/jobs]]></uri>
<default>
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List search head cluster scheduler job information]]></title>
<syntax><![CDATA[list shcluster-scheduler-jobs]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list shcluster-scheduler-jobs]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list shcluster-member-info -->
<item obj="shcluster-member-info">
<cmd name="list">
<uri><![CDATA[/shcluster/member/info]]></uri>
<help>
<title><![CDATA[List SEARCH HEAD CLUSTER MEMBER or Peer information]]></title>
<syntax><![CDATA[list shcluster-member-info]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list shcluster-member-info]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list shcluster-configuration-set -->
<item obj="shcluster-configuration-set">
<cmd name="list">
<uri><![CDATA[/shcluster/member/consensus]]></uri>
<default>
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List SEARCH HEAD CLUSTER NODE SET (All nodes part of the configuration) ]]></title>
<syntax><![CDATA[list shcluster-configuration-set]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list shcluster-configuration-set]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list shcluster-member-artifacts -->
<item obj="shcluster-member-artifacts">
<cmd name="list">
<uri><![CDATA[/shcluster/member/artifacts]]></uri>
<default>
<arg name="count" value="-1" />
</default>
<help>
<title><![CDATA[List SEARCH HEAD CLUSTER MEMBER artifact information]]></title>
<syntax><![CDATA[list shcluster-member-artifacts]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list shcluster-member-artifacts]]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<item obj="shcluster-replicated-config">
<cmd name="resync">
<uri><![CDATA[/replication/configuration/commits]]></uri>
<default>
<arg name="resync_destructive" value="1" />
</default>
<help>
<title><![CDATA[Destructively resyncs this node to the latest replicated config on the captain.]]></title>
<examples>
<ex><![CDATA['./splunk resync shcluster-replicated-config]]></ex>
</examples>
</help>
<type>edit</type>
</cmd>
</item>
<!-- show kvstore-status -->
<item obj="kvstore-status">
<cmd name="show">
<uri><![CDATA[/kvstore/status]]></uri>
<help>
<title><![CDATA[View status of the KV Store cluster.]]></title>
<syntax><![CDATA[show kvstore-status]]></syntax>
<required/>
<examples>
<ex><![CDATA['./splunk show kvstore-status']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- resync kvstore -->
<item obj="kvstore">
<cmd name="resync">
<uri><![CDATA[/kvstore/resync/resync]]></uri>
<help>
<title><![CDATA[Resynchronize KVStore cluster.]]></title>
<optional>
<arg name="source"><![CDATA[SHC Peer guid, which should be used as a source for resynchronization.]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk resync kvstore']]></ex>
</examples>
</help>
<type>edit</type>
</cmd>
<cmd name="backup">
<uri><![CDATA[/kvstore/backup/create]]></uri>
<help>
<title><![CDATA[Backup KVStore data to an archive file.]]></title>
<optional>
<arg name="-archiveName"><![CDATA[Specifies filename for backup archive file]]></arg>
<arg name="-appName"><![CDATA[Specifies which app to backup to the archive file]]></arg>
<arg name="-collectionName"><![CDATA[Specifies which collection backup to the archive file]]></arg>
<arg name="-pointInTime"><![CDATA[Specifies point in time backup]]></arg>
<arg name="-parallelCollections"><![CDATA[Specifies parallel dumps jobs]]></arg>
<arg name="-cancel"><![CDATA[Specifies cancel backup in progress]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk backup kvstore']]></ex>
</examples>
</help>
<type>edit</type>
</cmd>
<cmd name="restore">
<uri><![CDATA[/kvstore/backup/restore]]></uri>
<help>
<title><![CDATA[Restore KVStore data from an archive file.]]></title>
<required>
<arg name="-archiveName"><![CDATA[Specifies backup archive file to restore from (to be located in $SPLUNK_DB/kvstorebackup)]]></arg>
</required>
<optional>
<arg name="-kvstore_type"><![CDATA[Specifies if we should restore data to KV Store (-kvstore_type local) or KV Service (-kvstore_type external)]]></arg>
<arg name="-appName"><![CDATA[Specifies which app to restore from the archive file]]></arg>
<arg name="-collectionName"><![CDATA[Specifies which collection restore from the archive file]]></arg>
<arg name="-pointInTime"><![CDATA[Specifies point in time restore]]></arg>
<arg name="-parallelCollections"><![CDATA[Specifies parallel restore jobs]]></arg>
<arg name="-insertionsWorkersPerCollection"><![CDATA[Specifies parallel restore insertion jobs]]></arg>
<arg name="-cancel"><![CDATA[Specifies cancel restore in progress]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk restore kvstore -archiveName kvdump.tar.gz']]></ex>
<ex><![CDATA['./splunk restore kvstore -archiveName kvdump.tar.gz -kvstore_type external']]></ex>
</examples>
</help>
<type>edit</type>
</cmd>
<cmd name="show">
<uri><![CDATA[/kvstore/backup/info]]></uri>
<help>
<title><![CDATA[Show KVStore data from an archive file.]]></title>
<required>
<arg name="-archiveName"><![CDATA[Specifies backup archive file to show from (to be located in $SPLUNK_HOME/var/lib/splunk/kvstore/backup)]]></arg>
</required>
<examples>
<ex><![CDATA['./splunk show kvstore -archiveName kvdump.tar.gz']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
<cmd name="start-shcluster-migration">
<uri><![CDATA[/shcluster/captain/kvmigrate/start]]></uri>
<help>
<title><![CDATA[Start KV store migration]]></title>
<required>
<arg name="-storageEngine"><![CDATA[storage engine to migrate to ('wiredTiger' or 'mmapv1')]]></arg>
</required>
<optional>
<arg name="-clusterPerc"><![CDATA[percentage of cluster to be migrated]]></arg>
<arg name="-maxRetries"><![CDATA[number of retries for migration per search head cluster member upon failure]]></arg>
<arg name="-isDryRun"><![CDATA[do preflight checks and exit without doing migration]]></arg>
<arg name="-peersList"><![CDATA[list of specific peers to be migrated]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk start-shcluster-migration kvstore -storageEngine wiredTiger']]></ex>
<ex><![CDATA['./splunk start-shcluster-migration kvstore -storageEngine mmapv1 -maxRetries 2 -clusterPerc 50']]></ex>
<ex><![CDATA['./splunk start-shcluster-migration kvstore -storageEngine wiredTiger -maxRetries 2 -peersList 'uri1, uri2, uri3'']]></ex>
<ex><![CDATA['./splunk start-shcluster-migration kvstore -storageEngine mmapv1 -maxRetries 2 -dryRun true']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="stop-shcluster-migration">
<uri><![CDATA[/shcluster/captain/kvmigrate/stop]]></uri>
<help>
<title><![CDATA[Stop KV store migration]]></title>
</help>
<examples>
<ex><![CDATA['./splunk stop-shcluster-migration kvstore']]></ex>
</examples>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- enable|disable kvstore-maintenance-mode -->
<item obj="kvstore-maintenance-mode">
<cmd name="enable">
<uri><![CDATA[/kvstore/control/maintenance]]></uri>
<default>
<arg name="mode" value="true" />
</default>
<help>
<title><![CDATA[Sets the maintenance mode on kvstore.]]></title>
<examples>
<ex><![CDATA['./splunk enable kvstore-maintenance-mode']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
<cmd name="disable">
<uri><![CDATA[/kvstore/control/maintenance]]></uri>
<default>
<arg name="mode" value="false" />
</default>
<help>
<title><![CDATA[Disables the maintenance mode on kvstore.]]></title>
<examples>
<ex><![CDATA['./splunk disable kvstore-maintenance-mode']]></ex>
</examples>
</help>
<type>edit</type>
<post_only/>
</cmd>
</item>
<!-- show kvstore-migration-status -->
<item obj="shcluster-kvmigration-status">
<cmd name="show">
<uri><![CDATA[/shcluster/captain/kvmigrate/status]]></uri>
<help>
<title><![CDATA[View status of KV store migration]]></title>
<required/>
<examples>
<ex><![CDATA['./splunk show kvstore-migration-status']]></ex>
</examples>
</help>
<type>list</type>
</cmd>
</item>
<!-- list inputstatus-->
<item obj="inputstatus">
<common>
<uri><![CDATA[/admin/inputstatus]]></uri>
</common>
<cmd name="list">
<help>
<title><![CDATA[Lists the status of the different splunk inputs.]]></title>
<syntax><![CDATA[list monitor [-parameter <value>] ...]]></syntax>
<optional>
<arg name="input"><![CDATA[search inputs matching this regex]]></arg>
<arg name="type"><![CDATA[search for inputs with type matching this regex ]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk list inputstatus]]></ex>
</examples>
</help>
</cmd>
</item>
<!-- add|list|edit|remove|reload monitor -->
<item obj="tail" synonym="monitor" />
<item obj="monitor">
<common>
<help>
<header><![CDATA[An object used to specify log files and directories to actively index.
Use no more than one of -hostname, -hostregex or -hostsegmentnum per command.
Use "spool" to index a file once and forget about it.
Use "add monitor" to index files and directories containing both live and closed files.]]>
</header>
</help>
<uri><![CDATA[/data/inputs/monitor/]]></uri>
<argsmap>
<arg cliname="source" eainame="name" />
<arg cliname="hostname" eainame="host" />
<arg cliname="hostregex" eainame="host_regex" />
<arg cliname="hostsegmentnum" eainame="host_segment" />
<arg cliname="follow-only" eainame="followTail" />
</argsmap>
</common>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<hook_functions>
<hook arg="source"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
<help>
<title><![CDATA[adds monitor directory and file inputs]]></title>
<syntax><![CDATA[add monitor source [-parameter <value>] ...]]></syntax>
<required>
<arg name="source"><![CDATA[path to a file or directory whose contents should be indexed by the Splunk server, and then watched for new input. The Splunk server unpacks tarfiles and compressed files.]]></arg>
</required>
<optional>
<arg name="sourcetype"><![CDATA[source type value to set for events from the source]]></arg>
<arg name="index"><![CDATA[a local Splunk index to place events from the source. Note: For forwarding instances of Splunk (which typically do not have local indexes), you have to edit the configuration file (inputs.conf) to specify an input for an index on a remote server. ]]></arg>
<arg name="hostname"><![CDATA[host name to set as the host value]]></arg>
<arg name="hostregex"><![CDATA[regular expression of file path to set as the host value]]></arg>
<arg name="hostsegmentnum"><![CDATA[number of segments in the file path to set as the host value]]></arg>
<arg name="follow-only"><![CDATA[only read from the end of the file (True|False, default=False)]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk add monitor /var/log/]]></ex>
<ex><![CDATA[./splunk add monitor -source c:\Windows\windowsupdate.log -index newindex]]></ex>
<ex><![CDATA[./splunk add monitor -source c:\windows\system32\LogFiles\W3SVC ]]></ex>
</examples>
</help>
</cmd>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[list all active monitored directory and file inputs. Note: This displays files and directories currently or recently monitored by splunkd for change.]]></title>
<syntax><![CDATA[list monitor [-parameter <value>] ...]]></syntax>
<examples>
<ex><![CDATA[./splunk list monitor]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="edit">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<hook_functions>
<hook arg="source"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
<help>
<title><![CDATA[edits monitored directory inputs]]></title>
<syntax><![CDATA[edit monitor]]></syntax>
<required>
<arg name="source"><![CDATA[path to a file or directory whose contents should be indexed by the Splunk server, and then watched for new input. The Splunk server unpacks tarfiles and compressed files.]]></arg>
</required>
<optional>
<arg name="sourcetype"><![CDATA[source type value to set for events from the source]]></arg>
<arg name="index"><![CDATA[a local Splunk index to place events from the source]]></arg>
<arg name="hostname"><![CDATA[host name to set as the host value]]></arg>
<arg name="hostregex"><![CDATA[regular expression of file path to set as the host value]]></arg>
<arg name="hostsegmentnum"><![CDATA[number of segments in the file path to set as the host value]]></arg>
<arg name="follow-only"><![CDATA[only read from the end of the file (True|False, default=False)]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk edit monitor /var/log -follow-only true]]></ex>
</examples>
</help>
<eai_id>{source}</eai_id>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<hook_functions>
<hook arg="source"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
<help>
<title><![CDATA[remove monitored directory inputs]]></title>
<syntax><![CDATA[remove monitor source]]></syntax>
<required>
<arg name="source"><![CDATA[path to a directory to index]]></arg>
</required>
</help>
<eai_id>{source}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/monitor/_reload]]></uri>
<help>
<title><![CDATA[reloads monitor configuration, making immediately effective all
"add/edit/remove monitor" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- enable|disable|list|install|remove app -->
<item obj="app">
<common>
<help>
<header><![CDATA[Commands used with the app object.]]></header>
<syntax><![CDATA[[enable|disable|list|install|remove] app]]></syntax>
</help>
<uri><![CDATA[/apps/local/]]></uri>
</common>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[enable the specified app]]></title>
<required>
<arg name="name"><![CDATA[the name of the app]]></arg>
</required>
</help>
<uri><![CDATA[/apps/local/{name}/enable]]></uri>
<type>edit</type>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[disable the specified app]]></title>
<required>
<arg name="name"><![CDATA[the name of the app]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable app unix]]></ex>
</examples>
</help>
<uri><![CDATA[/apps/local/{name}/disable]]></uri>
<type>edit</type>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[remove specified app name]]></title>
<required>
<arg name="name"><![CDATA[the name of the app]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk remove app unix]]></ex>
</examples>
</help>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="install">
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<hook_functions>
<hook arg="name"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
<help>
<title><![CDATA[install specified app name]]></title>
<required>
<arg name="name"><![CDATA[path of the app tar]]></arg>
</required>
<optional>
<arg name="update"><![CDATA[update specified app name during install, if the app already exists. Defaults to false or 0.]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk install app foo.tar]]></ex>
<ex><![CDATA[./splunk install app foo.tgz]]></ex>
<ex><![CDATA[./splunk install app foo.tar.gz]]></ex>
<ex><![CDATA[./splunk install app foo.spl]]></ex>
<ex><![CDATA[./splunk install app /home/username/sos_1.0tgz -update 1]]></ex>
</examples>
</help>
<default>
<arg name="filename" value="1" />
</default>
<type>create</type>
</cmd>
<cmd name="list" synonym="display" />
<cmd name="display">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[display status information (enabled/disabled, visible/invisible, configured/not configured) about a specific app or all apps]]></title>
<required>
<arg name="name"><![CDATA[the name of a specific app to display status. if name is not provided, displays all installed apps and their status information]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk display app]]></ex>
<ex><![CDATA[./splunk display app unix]]></ex>
</examples>
</help>
<eai_id>{name}</eai_id>
<type>list</type>
<default>
<arg name="count" value="-1" />
</default>
<initial>
<arg name="name" value="" />
</initial>
</cmd>
</item>
<!-- add|edit|list|remove|reload tcp -->
<item obj="tcp">
<common>
<help>
<header><![CDATA[Objects used to specify TCP network inputs.]]></header>
</help>
<uri><![CDATA[/data/inputs/tcp/raw/]]></uri>
<argsmap>
<arg cliname="source" eainame="name" />
<arg cliname="remotehost" eainame="restrictToHost" />
<arg cliname="hostname" eainame="host" />
<arg cliname="resolvehost" eainame="connection_host" />
<arg cliname="doneTimeout" eainame="rawTcpDoneTimeout" />
</argsmap>
</common>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<help>
<title><![CDATA[adds TCP (network) inputs]]></title>
<syntax><![CDATA[add [tcp] source [-parameter <value>] ...]]></syntax>
<required>
<arg name="source"><![CDATA[the TCP network port that the Splunk Server should listen on]]></arg>
</required>
<optional>
<arg name="remotehost"><![CDATA[specify IP address to exclusively accept data from]]></arg>
<arg name="sourcetype"><![CDATA[source type value to set for events from the source]]></arg>
<arg name="index"><![CDATA[index to place events from the source]]></arg>
<arg name="hostname"><![CDATA[host name to set as the host value]]></arg>
<arg name="resolvehost"><![CDATA[specify whether to use DNS to set the host value (true|false, default=false)]]></arg>
<arg name="doneTimeout"><![CDATA[timeout after which data received so far over the connection is deemed complete]]></arg>
</optional>
</help>
</cmd>
<cmd name="edit">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<help>
<title><![CDATA[edits TCP (network) inputs]]></title>
<syntax><![CDATA[edit [tcp] source [-parameter <value>] ...]]></syntax>
<required>
<arg name="source"><![CDATA[the TCP network port that the Splunk Server should listen on]]></arg>
</required>
<optional>
<arg name="remotehost"><![CDATA[specify IP address to exclusively accept data from]]></arg>
<arg name="sourcetype"><![CDATA[source type value to set for events from the source]]></arg>
<arg name="index"><![CDATA[index to place events from the source]]></arg>
<arg name="hostname"><![CDATA[host name to set as the host value]]></arg>
<arg name="resolvehost"><![CDATA[specify whether to use DNS to set the host value (true|false, default=false)]]></arg>
<arg name="doneTimeout"><![CDATA[timeout after which data received so far over the connection is deemed complete]]></arg>
</optional>
</help>
<eai_id>{source}</eai_id>
</cmd>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[list all active TCP (network) inputs]]></title>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<help>
<title><![CDATA[remove TCP (network) inputs]]></title>
<required>
<arg name="source"><![CDATA[port where Splunk should listen for events]]></arg>
</required>
</help>
<eai_id>{source}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/tcp/raw/_reload]]></uri>
<help>
<title><![CDATA[reloads TCP input configuration, making immediately effective all
"add/edit/remove tcp" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- add|edit|list|remove udp -->
<item obj="udp">
<common>
<help>
<title><![CDATA[Objects used to specify UDP network inputs.]]></title>
</help>
<uri><![CDATA[/data/inputs/udp/]]></uri>
<argsmap>
<arg cliname="source" eainame="name" />
<arg cliname="remotehost" eainame="restrictToHost" />
<arg cliname="hostname" eainame="host" />
<arg cliname="resolvehost" eainame="connection_host" />
</argsmap>
</common>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<help>
<title><![CDATA[adds UDP (network) inputs]]></title>
<required>
<arg name="source"><![CDATA[port where Splunk should listen for events]]></arg>
</required>
<optional>
<arg name="remotehost"><![CDATA[specify an IP address to exclusively accept data from]]></arg>
<arg name="sourcetype"><![CDATA[source type value to set for events from the source]]></arg>
<arg name="index"><![CDATA[index to place events in]]></arg>
<arg name="hostname"><![CDATA[host name to set as the host value]]></arg>
<arg name="resolvehost"><![CDATA[specify whether to use DNS to set the host value (true|false, default=false)]]></arg>
</optional>
</help>
</cmd>
<cmd name="edit">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<help>
<title><![CDATA[edits UDP (network) inputs]]></title>
<syntax><![CDATA[edit [udp] source [-parameter <value>] ...]]></syntax>
<required>
<arg name="source"><![CDATA[the UDP network port that the Splunk Server should listen on]]></arg>
</required>
<optional>
<arg name="remotehost"><![CDATA[specify IP address to exclusively accept data from]]></arg>
<arg name="sourcetype"><![CDATA[source type value to set for events from the source]]></arg>
<arg name="index"><![CDATA[index to place events from the source]]></arg>
<arg name="hostname"><![CDATA[host name to set as the host value]]></arg>
<arg name="resolvehost"><![CDATA[specify whether to use DNS to set the host value (true|false, default=false)]]></arg>
</optional>
</help>
<eai_id>{source}</eai_id>
</cmd>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[list all active UDP (network) inputs]]></title>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<help>
<title><![CDATA[remove UDP (network) inputs]]></title>
<required>
<arg name="source"><![CDATA[port where Splunk should listen for events]]></arg>
</required>
</help>
<eai_id>{source}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/udp/_reload]]></uri>
<help>
<title><![CDATA[reloads UDP input configuration, making immediately effective all
"add/edit/remove udp" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- list|add|edit|remove indexer-discovery -->
<item obj="indexer-discovery">
<common>
<help>
<header><![CDATA[Configure indexer discovery]]></header>
<syntax><![CDATA[[list|add|edit|remove] indexer-discovery]]></syntax>
</help>
<uri><![CDATA[/data/outputs/tcp/indexerdiscovery]]></uri>
</common>
<cmd name="list">
<help>
<title><![CDATA[List current indexer discovery configuration]]></title>
<syntax><![CDATA[list indexer-discovery]]></syntax>
<required/>
<optional>
<arg name="name"><![CDATA[<name>]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk list indexer-discovery]]></ex>
</examples>
</help>
<default>
</default>
<type>list</type>
</cmd>
<cmd name="add">
<uri><![CDATA[/data/outputs/tcp/indexerdiscovery]]></uri>
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[create a new indexer discovery configuration]]></title>
<syntax><![CDATA[add indexer-discovery -name <name> -<parameter_name> <parameter_value>]]></syntax>
<required>
<arg name="name"><![CDATA[<name of the indexer discovery>]]></arg>
<arg name="master_uri"><![CDATA[sets the value of the master uri]]></arg>
</required>
<optional>
<arg name="pass4SymmKey"><![CDATA[sets the pass4SymmKey sending the message to the master node]]></arg>
<arg name="send_timeout"><![CDATA[sets the timeout for sending the message to the master node]]></arg>
<arg name="rcv_timeout"><![CDATA[sets the timeout for receiving message from the master node]]></arg>
<arg name="cxn_timeout"><![CDATA[sets the timeout for connecting to the master node]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk add indexer-discovery -name indexerDiscovery -master_uri https://server:8089]]></ex>
</examples>
</help>
</cmd>
<cmd name="edit">
<uri><![CDATA[/data/outputs/tcp/indexerdiscovery]]></uri>
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[edit current indexer discovery configuration]]></title>
<syntax><![CDATA[edit indexer-discovery -name <name> -<parameter_name> <parameter_value>]]></syntax>
<required>
<arg name="name"><![CDATA[<name>]]></arg>
</required>
<optional>
<arg name="master_uri"><![CDATA[sets the value of the master uri]]></arg>
<arg name="pass4SymmKey"><![CDATA[sets the pass4SymmKey sending the message to the master node]]></arg>
<arg name="send_timeout"><![CDATA[sets the timeout for sending the message to the master node]]></arg>
<arg name="rcv_timeout"><![CDATA[sets the timeout for receiving message from the master node]]></arg>
<arg name="cxn_timeout"><![CDATA[sets the timeout for connecting to the master node]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk edit indexer-discovery -name indexerDiscovery -master_uri https://server:8089]]></ex>
</examples>
</help>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="remove">
<uri><![CDATA[/data/outputs/tcp/indexerdiscovery]]></uri>
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[delete a existing indexer discovery configuration]]></title>
<syntax><![CDATA[remove indexer-discovery -name <name>]]></syntax>
<required>
<arg name="name"><![CDATA[<name>]]></arg>
</required>
<optional>
</optional>
<examples>
<ex><![CDATA[./splunk remove indexer-discovery -name indexerDiscovery]]></ex>
</examples>
</help>
<eai_id>{name}</eai_id>
</cmd>
</item>
<!-- add|remove|list forward-server -->
<item obj="forward-server">
<common>
<help>
<header><![CDATA[An object used to specify servers or to specify the operation of a command on a Splunk forwarder.]]></header>
<syntax><![CDATA[[add|remove] forward-server [-parameter <value>]...
list forward-server]]></syntax>
</help>
<uri><![CDATA[/data/outputs/tcp/server/]]></uri>
<argsmap>
<arg cliname="hostport" eainame="name" />
<arg cliname="ssl-alternate-name-to-check" eainame="sslAltNameToCheck" />
<arg cliname="client-cert" eainame="clientCert" />
<arg cliname="ssl-common-name-to-check" eainame="sslCommonNameToCheck" />
<arg cliname="ssl-password" eainame="sslPassword" />
<arg cliname="ssl-root-ca-path" eainame="sslRootCAPath" />
<arg cliname="ssl-verify-server-cert" eainame="sslVerifyServerCert" />
</argsmap>
</common>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[hostport]]></implied_arg_name>
<help>
<title><![CDATA[adds servers to forward data to; to set up SSL, you must provide at minimum the following parameters: client-cert, ssl-password, and ssl-root-ca-path]]></title>
<required>
<arg name="hostport"><![CDATA[in the format <host>:<port> where host and port are hostname or IP address of the indexing server and port that the indexer is listening on]]></arg>
</required>
<optional>
<arg name="method"><![CDATA[set forwarding method to data-cloning or load-balancing (clone|autobalance, default=autobalance)]]></arg>
<arg name="client-cert"><![CDATA[The full path to the client SSL certificate in Privacy Enhanced Mail (PEM) format]]></arg>
<arg name="ssl-password"><![CDATA[The password associated with the certificate authority certificate]]></arg>
<arg name="ssl-root-ca-path"><![CDATA[The path to the root certificate authority file]]></arg>
<arg name="ssl-verify-server-cert"><![CDATA[If true, make sure that the server that is being connected to is an authenticated one (true|false)]]></arg>
<arg name="ssl-common-name-to-check"><![CDATA[Check the common name of the server's certificate against this name when 'ssl-verify-server-cert' is set to true]]></arg>
<arg name="ssl-alternate-name-to-check"><![CDATA[The alternate name to check when 'ssl-verify-server-cert' is set to true]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk add forward-server bologna:9997]]></ex>
<ex><![CDATA[./splunk add forward-server vicenza:9991 -client-cert /path/ssl.crt -ssl-root-ca-path /path/ca.crt -ssl-password password]]></ex>
</examples>
</help>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[hostport]]></implied_arg_name>
<help>
<title><![CDATA[remove servers to forward data to]]></title>
<required>
<arg name="hostport"><![CDATA[in the format <host>:<port> where host and port are hostname or IP address of the indexing server and port that the indexer is listening on]]></arg>
</required>
</help>
<eai_id>{hostport}</eai_id>
</cmd>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[list servers that this server forwards data to]]></title>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- display|disable|enable|reload deploy-server -->
<item obj="serverclass" synonym="deploy-server" />
<item obj="deploy-server">
<common>
<help>
<header><![CDATA[An object used change settings at a deployment server (that deploy-client reports to)]]></header>
<syntax><![CDATA[[disable|display|enable|reload] deploy-server]]></syntax>
</help>
</common>
<cmd name="enable">
<type>edit</type>
<uri><![CDATA[/deployment/server/config/config/enable]]></uri>
<help>
<title><![CDATA[Enable deployment server at the instance.]]></title>
<syntax><![CDATA[enable deploy-server]]></syntax>
</help>
<post_only/>
</cmd>
<cmd name="reload">
<help>
<title><![CDATA[Reload you deployment server, in entirety or by serverclass]]></title>
<syntax><![CDATA[reload deploy-server [-class <serverclass_name>] [-timeout <sec>]]]></syntax>
<optional>
<arg name="class"><![CDATA[serverclass to be reloaded.]]></arg>
<arg name="validate-only"><![CDATA[when this parameter is supplied, any possible validation errors are logged in splunkd.log serverclass isn't actually reloaded.]]></arg>
<arg name="timeout"><![CDATA[Time CLI waits for operation to complete before exiting.]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk reload deploy-server]]></ex>
<ex><![CDATA[./splunk reload deploy-server -class my_serverclass]]></ex>
<ex><![CDATA[./splunk reload deploy-server -class my_serverclass -validate-only true]]></ex>
</examples>
</help>
</cmd>
<cmd name="disable">
<type>edit</type>
<uri><![CDATA[/deployment/server/config/config/disable]]></uri>
<help>
<title><![CDATA[Disable deployment server at this instance]]></title>
<syntax><![CDATA[disable deploy-server]]></syntax>
</help>
<post_only/>
</cmd>
<cmd name="display">
<help>
<title><![CDATA[Display the status of deployment server at this instance]]></title>
<syntax><![CDATA[display deploy-server]]></syntax>
</help>
</cmd>
</item>
<!-- enable|disable|display deploy-client -->
<item obj="client" synonym="deploy-client" />
<item obj="deploy-client">
<common>
<help>
<header><![CDATA[An object used to tell commands to operate on deployment clients that report to the deployment server.]]></header>
<syntax><![CDATA[[enable|disable|display] deploy-client]]></syntax>
</help>
<uri><![CDATA[/deployment/client/config]]></uri>
</common>
<cmd name="enable">
<offline_ok />
<type>edit</type>
<default>
<arg name="disabled" value="false" />
</default>
<help>
<title><![CDATA[Enable deployment client at the instance.]]></title>
<syntax><![CDATA[enable deploy-client]]></syntax>
</help>
</cmd>
<cmd name="disable">
<offline_ok />
<type>edit</type>
<default>
<arg name="disabled" value="true" />
</default>
</cmd>
<cmd name="list" synonym="display" />
<cmd name="display">
<offline_ok />
<uri><![CDATA[/admin/deploymentclient/deployment-client/listIsDisabled]]></uri>
<help>
<title><![CDATA[Shows whether the deployment client is enabled or not]]></title>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- list|set deploy-poll -->
<item obj="deploypoll" synonym="deploy-poll" />
<item obj="poll" synonym="deploy-poll" />
<item obj="deploy-poll">
<common>
<help>
<header><![CDATA[An object used to enable or set which deployment server to poll.]]></header>
<syntax><![CDATA[[show|set] deploy-poll]]></syntax>
</help>
<uri><![CDATA[/admin/deploymentclient/]]></uri>
<argsmap>
<arg cliname="hostport" eainame="targetUri" />
</argsmap>
</common>
<cmd name="set">
<offline_ok />
<type>edit</type>
<uri><![CDATA[/admin/deploymentclient/deployment-client/]]></uri>
<implied_arg_name><![CDATA[hostport]]></implied_arg_name>
<help>
<title><![CDATA[Sets deployment server to poll updates from]]></title>
<required>
<arg name="hostport"><![CDATA[In the format <host>:<port> where host and port are hostname or IP address of the deployment server to poll updates from.]]></arg>
</required>
<optional>
<arg name="pass4SymmKey"><![CDATA[Specifies the pass4SymmKey to be used when communicating with the deployment server.]]></arg>
</optional>
<optional>
<arg name="sslVersions"><![CDATA[Specifies the allowed SSL versions when communicating with the deployment server.]]></arg>
</optional>
<optional>
<arg name="verifyServerCert"><![CDATA[Specifies whether to verify the server certificate when communicating with the deployment server.]]></arg>
</optional>
<optional>
<arg name="caCertFile"><![CDATA[Specifies the CA certificate to use to validate the server certificate when communicating with the deployment server.]]></arg>
</optional>
<optional>
<arg name="commonNameToCheck"><![CDATA[Specifies the Common Name to validate against when communicating with the deployment server.]]></arg>
</optional>
<optional>
<arg name="altNameToCheck"><![CDATA[Specifies the Alternate Name to validate against when communicating with the deployment server.]]></arg>
</optional>
<optional>
<arg name="cipherSuite"><![CDATA[Specifies the cipher suite to be used when communicating with the deployment server.]]></arg>
</optional>
<optional>
<arg name="ecdhCurves"><![CDATA[Specifies the ECDH curves to be used when communicating with the deployment server.]]></arg>
</optional>
<examples>
<ex><![CDATA[splunk set deploy-poll bologna:1234]]></ex>
<ex><![CDATA[splunk set deploy-poll bologna:1234 -pass4SymmKey changeme]]></ex>
</examples>
</help>
</cmd>
<cmd name="list" synonym="show" />
<cmd name="show">
<offline_ok />
<help>
<title><![CDATA[Shows which deployment server it is configured to poll from]]></title>
<examples>
<ex><![CDATA[splunk show deploy-poll]]></ex>
</examples>
</help>
</cmd>
</item>
<!-- enable|disable scheduler -->
<item obj="scheduler">
<common>
<help>
<header><![CDATA[An object used to tell commands to operate on the search job scheduler.]]></header>
<syntax><![CDATA[[enable|disable] scheduler]]></syntax>
</help>
<uri><![CDATA[/search/scheduler/default]]></uri>
</common>
<cmd name="enable">
<offline_ok />
<type>edit</type>
<default>
<arg name="disabled" value="false" />
</default>
<help>
<title><![CDATA[Enables the search scheduler to run searches.]]></title>
</help>
</cmd>
<cmd name="disable">
<offline_ok />
<type>edit</type>
<default>
<arg name="disabled" value="true" />
</default>
<help>
<title><![CDATA[Disables the search scheduler from running searches.]]></title>
</help>
</cmd>
</item>
<!-- show scheduler-status -->
<item obj="scheduler-status">
<cmd name="show">
<uri><![CDATA[/search/scheduler]]></uri>
<type>list</type>
<help>
<title><![CDATA[Displays the search scheduler status.]]></title>
</help>
</cmd>
</item>
<!-- add oneshot -->
<item obj="oneshot">
<common>
<help>
<header><![CDATA[Indexes the contents of a file once.]]></header>
<syntax><![CDATA[]]></syntax>
</help>
<uri><![CDATA[/data/inputs/oneshot/]]></uri>
<argsmap>
<arg cliname="source" eainame="name" />
<arg cliname="hostname" eainame="host" />
<arg cliname="hostregex" eainame="host_regex" />
<arg cliname="hostsegmentnum" eainame="host_segment" />
<arg cliname="index" eainame="index" />
<arg cliname="rename-source" eainame="rename-source" />
<arg cliname="sourcetype" eainame="sourcetype" />
</argsmap>
</common>
<cmd name="add">
<implied_arg_name><![CDATA[source]]></implied_arg_name>
<hook_functions>
<hook arg="source"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
<help>
<title><![CDATA[Indexes the contents of a file once.]]></title>
<syntax><![CDATA[add oneshot <source> [-parameter <value>] ...]]></syntax>
<required>
<arg name="source"><![CDATA[The path to a file whose contents should be indexed by the Splunk server once.]]></arg>
</required>
<optional>
<arg name="index"><![CDATA[A local Splunk index to place the events in.]]></arg>
<arg name="hostname"><![CDATA[A host name to set as the value of the "host" field.]]></arg>
<arg name="hostregex"><![CDATA[A regular expression used to extract the value of the "host" field from the file path.]]></arg>
<arg name="hostsegmentnum"><![CDATA[The number of the segment in the file path to use as the value of the "host" field.]]></arg>
<arg name="rename-source"><![CDATA[A value to use as the source for the events. If omitted the path to the file will be used as the source.]]></arg>
<arg name="sourcetype"><![CDATA[A value to use as the sourcetype for the events.]]></arg>
</optional>`
</help>
</cmd>
</item>
<!-- pretty much a synchronous oneshot with an amusing progress bar :) -->
<item obj="on">
<common>
<help>
<header><![CDATA[SPLUNK HAWNGRY]]></header>
<syntax><![CDATA[]]></syntax>
</help>
<uri><![CDATA[/data/inputs/oneshot/]]></uri>
<argsmap>
<arg cliname="COOOOOOKIEEEEEE" eainame="name" />
<arg cliname="hostname" eainame="host" />
<arg cliname="hostregex" eainame="host_regex" />
<arg cliname="hostsegmentnum" eainame="host_segment" />
</argsmap>
</common>
<cmd name="nom">
<implied_arg_name><![CDATA[COOOOOOKIEEEEEE]]></implied_arg_name>
<hook_functions>
<hook arg="COOOOOOKIEEEEEE"><![CDATA[make_path_absolute]]></hook>
</hook_functions>
<help>
<title><![CDATA[GET FILE IN MAH BELLY]]></title>
<required>
<arg name="COOOOOOKIEEEEEE"><![CDATA[YAH YAH YAH YAH!!!!]]></arg>
</required>
</help>
<type>create</type>
</cmd>
</item>
<!-- disable|enable|display|reload listen -->
<item obj="listen">
<common>
<help>
<header><![CDATA[An object used to set the port to receive data from Splunk forwarders or other Splunk systems configured to forward (listen on a port)]]></header>
</help>
<uri><![CDATA[/data/inputs/tcp/cooked/]]></uri>
<argsmap>
<arg cliname="port" eainame="name" />
</argsmap>
</common>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[port]]></implied_arg_name>
<uri><![CDATA[/data/inputs/tcp/cooked/{port}/disable]]></uri>
<help>
<title><![CDATA[close a port set to listen for Splunk forwarding protocol (splunktcp) data from Splunk forwarders]]></title>
<syntax><![CDATA[disable listen [-parameter <value> | <value>]]]></syntax>
<required>
<arg name="port"><![CDATA[TCP port to listen on]]></arg>
</required>
</help>
<eai_id><![CDATA[{port}]]></eai_id>
<type>edit</type>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[port]]></implied_arg_name>
<help>
<title><![CDATA[open a port to listen for Splunk forwarding protocol (splunktcp) data from Splunk forwarders]]></title>
<syntax><![CDATA[enable listen [-parameter <value> | <value>]]]></syntax>
<required>
<arg name="port"><![CDATA[TCP port to listen on]]></arg>
</required>
</help>
<type>edit</type>
</cmd>
<cmd name="display">
<offline_ok />
<help>
<title><![CDATA[display the port to listen for Splunk forwarding protocol (splunktcp) from Splunk forwarders]]></title>
<syntax><![CDATA[display listen [-parameter <value> | <value>]]]></syntax>
<required/>
</help>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/tcp/cooked/_reload]]></uri>
<help>
<title><![CDATA[reloads TCP configuration, making immediately effective all
"enable|disable listen" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- add|remove|edit|list user -->
<item obj="user">
<common>
<help>
<header><![CDATA[An object used to specify a username for user account management.]]></header>
</help>
<uri><![CDATA[/authentication/users/]]></uri>
<argsmap>
<arg cliname="username" eainame="name" />
<arg cliname="full-name" eainame="realname" />
<arg cliname="role" eainame="roles" />
</argsmap>
</common>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[username]]></implied_arg_name>
<help>
<title><![CDATA[adds a user]]></title>
<syntax><![CDATA[add user <username> [-parameter <value>] ...]]></syntax>
<required>
<arg name="username"><![CDATA[the name of the Splunk user account to manage]]></arg>
<arg name="role"><![CDATA[Admin, Power, or User]]></arg>
<arg name="password"><![CDATA[password of the account <br /> Caution: Passing login credentials on the CLI is a security risk.]]></arg>
</required>
<optional>
<arg name="full-name"><![CDATA[Real name of user in quotes (Example: "Nikola Tesla")]]></arg>
<arg name="tz"><![CDATA[Timezone of user (Example: "Europe/London")]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk add user jdoe -password "ch@ng3m#" -full-name "John Doe" -role User]]></ex>
</examples>
</help>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[username]]></implied_arg_name>
<help>
<title><![CDATA[removes a user]]></title>
<syntax><![CDATA[remove user <username>]]></syntax>
<required>
<arg name="username"><![CDATA[the name of the Splunk user account to remove]]></arg>
</required>
</help>
<eai_id><![CDATA[{username}]]></eai_id>
</cmd>
<cmd name="edit">
<offline_ok />
<implied_arg_name><![CDATA[username]]></implied_arg_name>
<help>
<title><![CDATA[edits a user]]></title>
<syntax><![CDATA[edit user <username> [-parameter <value>] ...]]></syntax>
<required>
<arg name="username"><![CDATA[the name of the Splunk user account to edit]]></arg>
</required>
<optional>
<arg name="roles"><![CDATA[Role of user (Example: "admin")]]></arg>
<arg name="full-name"><![CDATA[Real name of user in quotes (Example: "Nikola Tesla")]]></arg>
<arg name="tz"><![CDATA[Timezone of user (Example: "Europe/London")]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk edit user jdoe -roles admin -roles can_delete]]></ex>
<ex><![CDATA[./splunk edit user jdoe -roles admin -full-name "John Doe"]]></ex>
<ex><![CDATA[./splunk edit user jdoe -roles admin -tz Europe/London]]></ex>
</examples>
</help>
<eai_id><![CDATA[{username}]]></eai_id>
</cmd>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[list all users known to Splunk]]></title>
<syntax><![CDATA[list user]]></syntax>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- add|remove|edit|list role -->
<item obj="role">
<common>
<help>
<header><![CDATA[An object used to specify a role for capability management]]></header>
<optional>
<arg name="imported"><![CDATA[roles that this current role imports from]]></arg>
<arg name="grantable"><![CDATA[roles that the current role can grant provided it has edit_user capability]]></arg>
<arg name="capability"><![CDATA[explicit capability that the current role is assigned]]></arg>
</optional>
</help>
<uri><![CDATA[/authorization/roles/]]></uri>
<argsmap>
<arg cliname="imported" eainame="imported_roles" />
<arg cliname="grantable" eainame="grantable_roles" />
<arg cliname="capability" eainame="capabilities" />
<arg cliname="default_index" eainame="srchIndexesDefault" />
<arg cliname="index" eainame="srchIndexesAllowed" />
</argsmap>
</common>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[adds a role]]></title>
<syntax><![CDATA[add role <rolename> [-parameter <value>] ...]]></syntax>
<required>
<arg name="rolename"><![CDATA[The name of the role]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk add role managers -capability edit_tcp -imported user]]></ex>
<ex><![CDATA[./splunk add role managers -capability edit_user -imported user -imported power -grantable user]]></ex>
</examples>
</help>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[removes a role]]></title>
<syntax><![CDATA[remove role <rolename>]]></syntax>
<required>
<arg name="rolename"><![CDATA[The name of the role]]></arg>
</required>
</help>
<eai_id><![CDATA[{name}]]></eai_id>
</cmd>
<cmd name="edit">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[edits a role]]></title>
<syntax><![CDATA[edit role <rolename> [-parameter <value>]]]></syntax>
<required>
<arg name="rolename"><![CDATA[The name of the role]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk edit role managers -capability edit_udp -capability edit_tcp -imported user -index main -index index1 -default_index index1 ]]></ex>
</examples>
</help>
<eai_id><![CDATA[{name}]]></eai_id>
</cmd>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[list all roles known to Splunk]]></title>
<syntax><![CDATA[list role]]></syntax>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- list|reload|enable|disable ad -->
<item obj="ad">
<common>
<help>
<header><![CDATA[Active Directory data input.]]></header>
</help>
<uri><![CDATA[/data/inputs/ad]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Display all Active Directory monitoring settings]]></title>
<examples>
<ex><![CDATA[./splunk list ad]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable ad col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/ad/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable ad col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/ad/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/ad/_reload]]></uri>
<help>
<title><![CDATA[reloads Windows AD input configuration, making immediately effective all
"enable/disable ad" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- list|reload|enable|disable regmon -->
<item obj="regmon" synonym="registry" />
<item obj="registry">
<common>
<help>
<header><![CDATA[Registry data input.]]></header>
</help>
<uri><![CDATA[/data/inputs/registry]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Display Registry input settings]]></title>
<examples>
<ex><![CDATA[./splunk list registry]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable registry col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/registry/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable registry col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/registry/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/registry/_reload]]></uri>
<help>
<title><![CDATA[reloads registry input configuration, making immediately effective all
"add/edit/remove regmon" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- list|reload|enable|disable wmi -->
<item obj="wmi">
<common>
<help>
<header><![CDATA[WMI data input.]]></header>
</help>
<uri><![CDATA[/data/inputs/win-wmi-collections]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Display all WMI Collections]]></title>
<examples>
<ex><![CDATA[./splunk list wmi]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable wmi col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/win-wmi-collections/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable wmi col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/win-wmi-collections/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/win-wmi-collections/_reload]]></uri>
<help>
<title><![CDATA[reloads Windows WMI input configuration, making immediately effective all
"enable/disable wmi" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- list|enable|disable eventlog -->
<item obj="eventlogs" synonym="eventlog" />
<item obj="eventlog">
<common>
<uri><![CDATA[/data/inputs/WinEventLog]]></uri>
<help>
<header><![CDATA[Event log data input.]]></header>
</help>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Display all EventLog Collections]]></title>
<examples>
<ex><![CDATA[./splunk list eventlog]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable eventlog logs1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/WinEventLog/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable eventlog logs1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/WinEventLog/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
</item>
<!-- list|enable|disable monitornohandle -->
<item obj="monitornohandle">
<common>
<uri><![CDATA[/data/inputs/MonitorNoHandle]]></uri>
<help>
<header><![CDATA[MonitorNoHandle data input.]]></header>
</help>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Display the file tail]]></title>
<examples>
<ex><![CDATA[./splunk list monitornohandle]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified file tail]]></title>
<required>
<arg name="name"><![CDATA[The name of the file tail]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable monitornohandle <name>]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/MonitorNoHandle/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified file tail]]></title>
<required>
<arg name="name"><![CDATA[The name of the file tail]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable monitornohandle <name>]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/MonitorNoHandle/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
</item>
<!-- list|enable|disable WinNetMon -->
<item obj="winnetmon">
<common>
<uri><![CDATA[/data/inputs/WinNetMon]]></uri>
<help>
<header><![CDATA[winnetmon data input.]]></header>
</help>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Windows network monitor inputs]]></title>
<examples>
<ex><![CDATA[./splunk list winnetmon]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified Windows network monitor input]]></title>
<required>
<arg name="name"><![CDATA[The name of the Windows network monitor input]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable winnetmon]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/WinNetMon/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified Windows network monitor input]]></title>
<required>
<arg name="name"><![CDATA[The name of the Windows network monitor input]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable winnetmon]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/WinNetMon/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
</item>
<!-- list|enable|disable|reload perfmon -->
<item obj="perfmon">
<common>
<help>
<header><![CDATA[Perfomance monitoring data input.]]></header>
</help>
<uri><![CDATA[/data/inputs/win-perfmon]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Display all performance monitoring collections]]></title>
<examples>
<ex><![CDATA[./splunk list perfmon]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable perfmon col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/win-perfmon/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable perfmon col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/win-perfmon/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="reload">
<uri><![CDATA[/data/inputs/win-perfmon/_reload]]></uri>
<help>
<title><![CDATA[reloads Win Perfmon input configuration, making immediately effective all
"enable/disable perfmon" commands since last reload or Splunk restart]]></title>
</help>
<type>list</type>
</cmd>
</item>
<!-- list|enable|disable|reload WinHostMon -->
<item obj="winhostmon">
<common>
<help>
<header><![CDATA[Windows Host Monitor input.]]></header>
</help>
<uri><![CDATA[/data/inputs/WinHostMon]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Display all Host monitoring collections]]></title>
<examples>
<ex><![CDATA[./splunk list winhostmon]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified Windows Host collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable winhostmon]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/WinHostMon/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the Windows Host ollection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable winhostmon]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/WinHostMon/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
</item>
<!-- list|enable|disable|reload WinPrintMon -->
<item obj="winprintmon">
<common>
<help>
<header><![CDATA[Windows Print Monitor input.]]></header>
</help>
<uri><![CDATA[/data/inputs/WinPrintMon]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[Display all Print monitoring collections]]></title>
<examples>
<ex><![CDATA[./splunk list winprintmon]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="enable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Enable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the Windows Print collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk enable winprintmon]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/WinPrintMon/{name}/enable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
<cmd name="disable">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[Disable specified collection]]></title>
<required>
<arg name="name"><![CDATA[The name of the Windows Print collection]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk disable winprintmon col1]]></ex>
</examples>
</help>
<uri><![CDATA[/data/inputs/WinPrintMon/{name}/disable]]></uri>
<type>edit</type>
<eai_id>{name}</eai_id>
</cmd>
</item>
<!-- list saved-search -->
<item obj="saved-search">
<common>
<help>
<header><![CDATA[
Configuration options for saved searches and alerts. Alerts are controlled by the
saved-search object of the add and remove commands. Alerts can be scheduled to be
run at a specified time, or can be set to trigger when a certain threshold is reached.
Syntax:
add saved-search [-parameter <value>]
edit saved-search [-parameter <value>]
list saved-search
remove saved-search
Required Parameters:
name (default) name of saved search to create
terms search terms to be associated with this saved search
Optional Parameters:
alert make the search an alert (true|false, default=false)
IF alert=true, "schedule" and "threshold" are required, and
"email", "attach" or "script" options are required.
end_time the latest time for the search
fields a list of key-value pairs to annotate the events inserted into
the summary index. format pairs as key:value and separate multiple
entries with a semicolon
summary_index the name of the summary index where to add the results of the
scheduled search
start_time the earliest time for the search
ttl time-to-live (in seconds) for the artifacts of the scheduled search
(IF optional parameter "alert" is set to true, then the following is REQUIRED)
schedule specify when the alert is run using full cron format
(IF optional parameter "alert" is set to true, then AT LEAST ONE of the following
is REQUIRED)
email comma-separated list of email addresses to send alerts to (true|false)
default=false
attach specify inclusion of search results in emails (true|false) default=false
script script to execute upon alert (ex: $SPLUNK_HOME/bin/myScript)
workload_pool specify the name of the workload-pool for the search to run in
threshold the threshold to trigger the alert action
[<threshold type>:<relation>:<quantity>]
<threshold type>= num-events,num-sources,num-hosts
<quantity>= any integer
Complete documentation is available online at: http://docs.splunk.com/Documentation
]]>
</header>
</help>
</common>
</item>
<item obj="licensing">
<common>
<help>
<header><![CDATA[This page shows you the commands and objects you can use to manage the licenses on your Splunk server.
The add|edit commands only work if there is an Enterprise license installed.
Objects:
licenser-groups this object represents the different licenser groups
you can switch to.
licenser-localslave this object represents a local licensing slave node's configuration.
licenser-messages this object represents the alerts or warnings about the
state of your licenses.
licenser-pools this object represents a pool, or virtual license. A stack
can be divided into various pools, with multiple slaves
sharing the quota of each pool.
licenser-slaves this object represents all the slaves that have contacted
the master.
licenser-stacks this object represents a stack of licenses. A stack contains
licenses of the same type and are cumulative.
licenses this object represents a license for this Splunk instance.
Similar types of licenses can be stacked over each other.
]]>
</header>
</help>
</common>
<cmd name="add">
<help>
<syntax><![CDATA[add [licenses|licenser-pools]]]></syntax>
<examples>
<ex><![CDATA[./splunk add licenses /opt/splunk/etc/licenses/enterprise/enterprise.lic]]></ex>
</examples>
</help>
</cmd>
<cmd name="edit">
<help>
<syntax><![CDATA[edit [licenser-localslave|licenser-pools|licenser-groups]]]></syntax>
<!-- Commenting out these examples because they are duplicates.
<examples>
<ex><![CDATA[./splunk edit licenser-localslave -master_uri https://myhost:8089]]></ex>
<ex><![CDATA[./splunk edit licenser-pools foo -description test -quota 10mb -slaves guid1,guid2 -append_slaves true]]></ex>
<ex><![CDATA[./splunk edit licenser-groups Foo -is_active 1]]></ex>
</examples>
-->
</help>
</cmd>
<cmd name="list">
<help>
<syntax><![CDATA[list [licenser-groups|licenser-localslave|licenser-messages|licenser-pools|licenser-slaves|licenser-stacks|licenses]]]></syntax>
<examples>
<ex><![CDATA[./splunk list licenser-stacks]]></ex>
</examples>
</help>
</cmd>
<cmd name="remove">
<help>
<syntax><![CDATA[remove [licenser-pools|licenses]]]></syntax>
<examples>
<ex><![CDATA[./splunk remove licenses BM+S8VetLnQEb1F+5Gwx9rR4MGGG5E3gQgV4Y91AkIE=]]></ex>
</examples>
</help>
</cmd>
</item>
<!-- list|add|remove licenses -->
<item obj="license" synonym="licenses"/>
<item obj="licenses">
<common>
<help>
<header><![CDATA[This represents a license for this splunk instance. Similar type licenses can be stacked over each other.]]>
</header>
</help>
<uri><![CDATA[/licenser/licenses/]]></uri>
<argsmap>
<arg cliname="path" eainame="name" />
</argsmap>
</common>
<cmd name="show" depr="true" />
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[lists all licenses across all stacks]]></title>
<syntax><![CDATA[list licenses]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list licenses]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[path]]></implied_arg_name>
<hook_functions>
<hook arg="path"><![CDATA[read_from_disk]]></hook>
</hook_functions>
<default>
<arg name="payload" value="" />
</default>
<help>
<title><![CDATA[adds a license to the appropriate stack]]></title>
<syntax><![CDATA[add licenses path ]]></syntax>
<required>
<arg name="path"><![CDATA[path to the new license file]]></arg>
</required>
<optional/>
<examples>
<ex><![CDATA[./splunk add licenses /opt/splunk/etc/licenses/enterprise/enterprise.lic]]></ex>
</examples>
</help>
</cmd>
<cmd name="remove">
<offline_ok />
<implied_arg_name><![CDATA[hash]]></implied_arg_name>
<help>
<title><![CDATA[removes a license from a stack]]></title>
<syntax><![CDATA[remove licenses hash ]]></syntax>
<required>
<arg name="hash"><![CDATA[hash of the license file to remove]]></arg>
</required>
<optional/>
<examples>
<ex><![CDATA[./splunk remove licenses BM+S8VetLnQEb1F+5Gwx9rR4MGGG5E3gQgV4Y91AkIE=]]></ex>
</examples>
</help>
<eai_id><![CDATA[{hash}]]></eai_id>
</cmd>
</item>
<!-- list licenser-stacks -->
<item obj="licenser-stack" synonym="licenser-stacks"/>
<item obj="licenser-stacks">
<common>
<help>
<header><![CDATA[This represents a stack of licenses. A stack contains licenses of the same type which are cumulative.]]>
</header>
</help>
<uri><![CDATA[/licenser/stacks/]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[lists all the current stacks]]></title>
<syntax><![CDATA[list licenser-stacks]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list licenser-stacks]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- list|add|remove licenser-pools -->
<item obj="licenser-pools">
<common>
<help>
<header><![CDATA[This represents a pool i.e. a virtual license. A stack can be carved up into various pools. There can be multiple slaves per pool, sharing the quota of the pool.]]>
</header>
</help>
<uri><![CDATA[/licenser/pools/]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[lists pools across all stacks]]></title>
<syntax><![CDATA[list pools]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list licenser-pools]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="add">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[adds a pool to a stack]]></title>
<syntax><![CDATA[add -name <pool name> -description <description> -quota <size[kb|mb|tb]> -slaves <comma separated slave GUID list> -stack_id <stack to which this pool belongs>]]></syntax>
<required>
<arg name="name"><![CDATA[name of the new pool to add]]></arg>
<arg name="stack_id"><![CDATA[stack that this pool belongs to]]></arg>
<arg name="quota"><![CDATA[new allocation size of the pool]]></arg>
</required>
<optional>
<arg name="description"><![CDATA[human readable description]]></arg>
<arg name="slaves"><![CDATA[list of slave GUIDs that are part of this pool]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk add licenser-pools foo -description test -quota 10mb -slaves guid1,guid2 -stack_id enterprise]]></ex>
</examples>
</help>
</cmd>
<cmd name="edit">
<offline_ok />
<help>
<title><![CDATA[edits a pool within a stack]]></title>
<syntax><![CDATA[edit -name <pool name> -description <description> -quota <size[kb|mb|tb]> -slaves <comma separated slave GUID list>]]></syntax>
<required>
<arg name="name"><![CDATA[name of the pool to edit]]></arg>
</required>
<optional>
<arg name="description"><![CDATA[human readable description]]></arg>
<arg name="quota"><![CDATA[new allocation size of the pool]]></arg>
<arg name="slaves"><![CDATA[list of slave GUIDs that are part of this pool]]></arg>
<arg name="append_slaves"><![CDATA[a flag to append the slave GUIDs to the existing list rather than overwriting it]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk edit licenser-pools foo -description test -quota 10mb -slaves guid1,guid2]]></ex>
<ex><![CDATA[./splunk edit licenser-pools foo -description test -quota 10mb -slaves guid1,guid2 -append_slaves true]]></ex>
</examples>
</help>
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<eai_id><![CDATA[{name}]]></eai_id>
<default>
<arg name="append_slaves" value="false" />
</default>
</cmd>
<cmd name="remove">
<offline_ok />
<help>
<title><![CDATA[removes a pool within a stack]]></title>
<syntax><![CDATA[remove -name <pool name>]]></syntax>
<required>
<arg name="name"><![CDATA[name of the pool to remove]]></arg>
</required>
<optional/>
<examples>
<ex><![CDATA[./splunk remove licenser-pools foo]]></ex>
</examples>
</help>
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<eai_id><![CDATA[{name}]]></eai_id>
</cmd>
</item>
<!-- list licenser-slaves -->
<item obj="licenser-slaves">
<common>
<help>
<header><![CDATA[This represents a listing of all the slaves that have contacted the master.]]>
</header>
</help>
<uri><![CDATA[/licenser/slaves/]]></uri>
</common>
<cmd name="list">
<help>
<title><![CDATA[lists attributes of license slave]]></title>
<syntax><![CDATA[list licenser-slaves]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list licenser-slaves]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- list|edit licenser-localslave -->
<item obj="licenser-localslave">
<common>
<help>
<header><![CDATA[This represents a local licensing slave node's configuration.]]>
</header>
</help>
<uri><![CDATA[/licenser/localslave/]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[lists attributes of local license slave]]></title>
<syntax><![CDATA[list licenser-localslave]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list licenser-localslave]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="edit">
<offline_ok />
<help>
<title><![CDATA[edits attributes of local license slave node]]></title>
<syntax><![CDATA[edit -master_uri <scheme>://<hostname>:<port>]]></syntax>
<required>
<arg name="master_uri"><![CDATA[uri of the splunkd license master instance OR 'self']]></arg>
</required>
<examples>
<ex><![CDATA[./splunk edit licenser-localslave -master_uri https://myhost:8089]]></ex>
<ex><![CDATA[./splunk edit licenser-localslave -master_uri self]]></ex>
</examples>
</help>
<uri><![CDATA[/licenser/localslave/licenseslave]]></uri>
</cmd>
</item>
<!-- list|edit licenser-groups -->
<item obj="licenser-groups">
<common>
<help>
<header><![CDATA[This represents the different licenser groups you can switch to.]]>
</header>
</help>
<uri><![CDATA[/licenser/groups/]]></uri>
</common>
<cmd name="list">
<offline_ok />
<help>
<title><![CDATA[lists attributes of available licenser groups]]></title>
<syntax><![CDATA[list licenser-groups]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list licenser-groups]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
<cmd name="edit">
<offline_ok />
<implied_arg_name><![CDATA[name]]></implied_arg_name>
<help>
<title><![CDATA[edits attributes of licenser groups]]></title>
<syntax><![CDATA[edit <licenser group name> -is_active 1]]></syntax>
<required>
<arg name="name"><![CDATA[name of the licenser groups]]></arg>
<arg name="is_active"><![CDATA[1 to enable]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk edit licenser-groups Foo -is_active 1]]></ex>
</examples>
</help>
<eai_id>{name}</eai_id>
</cmd>
</item>
<!-- list licenser-messages -->
<item obj="licenser-messages">
<common>
<help>
<header><![CDATA[This represents the alerts or warnings about the state of your licenses.]]>
</header>
</help>
<uri><![CDATA[/licenser/messages/]]></uri>
</common>
<cmd name="list">
<help>
<title><![CDATA[lists the alerts or warnings about your current licenser]]></title>
<syntax><![CDATA[list licenser-messages]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[./splunk list licenser-messages]]></ex>
</examples>
</help>
<default>
<arg name="count" value="-1" />
</default>
</cmd>
</item>
<!-- enable dmc-server - commented out for now until feature is enabled -->
<!-- placeholder for when this comes in, also add it to enable help listing -->
<item obj="blacklist" depr="true">
<cmd name="add" depr="true">
</cmd>
<cmd name="list" depr="true">
</cmd>
<cmd name="remove" depr="true">
</cmd>
</item>
<item obj="fifo" depr="true">
<cmd name="add" depr="true">
</cmd>
<cmd name="edit" depr="true">
</cmd>
<cmd name="list" depr="true">
</cmd>
<cmd name="remove" depr="true">
</cmd>
</item>
<item obj="watch" depr="true">
<cmd name="add" depr="true">
</cmd>
<cmd name="edit" depr="true">
</cmd>
<cmd name="list" depr="true">
</cmd>
<cmd name="remove" depr="true">
</cmd>
</item>
<item obj="deploy-info">
<cmd name="list" depr="true">
</cmd>
</item>
<item obj="module">
<cmd name="disable" depr="true">
</cmd>
<cmd name="display" depr="true">
</cmd>
<cmd name="enable" depr="true">
</cmd>
</item>
<item obj="globaldata" depr="true">
<cmd name="export" depr="true">
</cmd>
<cmd name="import" depr="true">
</cmd>
</item>
<item obj="prefixcount" depr="true">
<cmd name="_internal" depr="true">
</cmd>
<cmd name="totalcount" depr="true">
</cmd>
</item>
<item obj="recover" depr="true">
</item>
<item obj="system" depr="true">
<cmd name="test" depr="true">
</cmd>
</item>
<item obj="webserver">
<cmd name="display" depr="true">
</cmd>
</item>
<item obj="web-ssl">
<cmd name="display" depr="true">
</cmd>
</item>
<item obj="s2s" depr="true">
<cmd name="edit" depr="true">
</cmd>
</item>
<item obj="auth-roles" depr="true">
<cmd name="list" depr="true">
</cmd>
</item>
<item obj="upgrade" depr="true">
</item>
<item obj="bundle" depr="true">
<cmd name="install" depr="true">
</cmd>
<cmd name="package" depr="true">
</cmd>
<cmd name="upgrade" depr="true">
</cmd>
<cmd name="remove" depr="true">
</cmd>
<cmd name="list" depr="true">
</cmd>
<cmd name="disable" depr="true">
</cmd>
<cmd name="enable" depr="true">
</cmd>
</item>
<item obj="server-type" depr="true">
<cmd name="set" depr="true" />
</item>
<!-- use exec instead -->
<item obj="scripted" depr="true">
<cmd name="add" depr="true" />
<cmd name="list" depr="true" />
<cmd name="edit" depr="true" />
<cmd name="remove" depr="true" />
</item>
<item obj="help">
<common>
<help>
<header><![CDATA[Welcome to Splunk's Command Line Interface (CLI).
Type these commands for more help:
help [command] type a command name to access its help page
help [object] type an object name to access its help page
help [topic] type a topic keyword to get help on a topic
help commands display a full list of CLI commands
help clustering commands that can be used to configure the clustering setup
help shclustering commands that can be used to configure the Search Head Cluster setup
help control, controls tools to start, stop, manage Splunk processes
help datastore manage Splunk's local filesystem use
help distributed manage distributed configurations such as
data cloning, routing, and distributed search
help forwarding manage deployments
help input, inputs manage data inputs
help licensing manage licenses for your Splunk server
help settings manage settings for your Splunk server
help simple, cheatsheet display a list of common commands with syntax
help tools tools to help your Splunk server
help search help with Splunk searches
Universal Parameters:
The following parameters are usable by any command. For more details on each parameter, type "help [parameter]".]]>
</header>
<syntax><![CDATA[[command] [object] [-parameter <value> | <value>]... [-uri][-auth]
app specify the app or namespace to run the command; for search, defaults to
the Search app
auth specify login credentials to execute commands that require you to be logged in
owner specify the owner/user context associated with an object; if not specified,
defaults to the currently logged in user
uri execute a command on any specified Splunk server. Use the
format: <ip>:<port>
Note: Both IPv4 and IPv6 formats are supported for specifying an IP address, for example:
127.0.0.1:80 or "[2001:db8::1]:80". By default, splunkd listens on IPv4 only. To enable
IPv6 support, refer to the instructions in:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/ConfigureSplunkforIPv6 ]]>
</syntax>
</help>
</common>
</item>
<item obj="commands">
<common>
<help>
<header><![CDATA[This page shows you the syntax and summary of the Splunk CLI commands. A command is an action
that you can perform on an object. Some commands don't require an object or parameters. Some
commands have a default parameter that can be specified by its value alone.]]>
</header>
<syntax><![CDATA[./splunk [command] [object] [-parameter <value>]...
Supported commands and objects:
[command] [objects]
add [exec|forward-server|index|licenser-pools|licenses|master|monitor|oneshot|
saved-search|search-server|tcp|udp|user]
anonymize source
apply cluster-bundle
clean [all|eventdata|globaldata|inputdata|userdata|kvstore|raft]
cmd [btool|exporttool|importtool|locktest|locktool|parsetest|pcregextest|signtool|walklex]
create app
createssl NONE
diag NONE
disable [app|boot-start|deploy-client|deploy-server|
dist-search|index|kvstore-maintenance-mode|listen|local-index|maintenance-mode|shcluster-maintenance-mode|webserver|web-ssl]
display [app|boot-start|deploy-client|deploy-server|
dist-search|index|jobs|listen|local-index]
edit [app|cluster-config|shcluster-config|exec|index|licenser-localslave|licenses|
licenser-groups|master|monitor|saved-search|search-server|tcp|udp|user]
enable [app|boot-start|deploy-client|deploy-server|dist-search|
index|kvstore-maintenance-mode|listen|local-index|maintenance-mode|shcluster-maintenance-mode|webserver|web-ssl]
export [eventdata|userdata]
find logs
fsck [repair|scan|clear-bloomfilter]
help NONE
import userdata
install app
list [cluster-buckets|cluster-config|cluster-generation|cluster-peers|deploy-clients|excess-buckets|
shcluster-artifacts|shcluster-config|shcluster-members|
exec|forward-server|index|jobs|licenser-groups|licenser-localslave|licenser-messages|
licenser-pools|licenser-slaves|licenser-stacks|licenses|master|master-info|monitor|peer-buckets|peer-info|
saved-search|search-server|tcp|udp|user]
login,logout NONE
offline NONE
package app
rebalance cluster-data
rebuild NONE
refresh deploy-clients
reload [ad|auth|deploy-server|index|listen|monitor|registry|script|tcp|udp|perfmon|wmi]
remove [app|cluster-peers|excess-buckets|exec|forward-server|index|jobs|licenser-pools|licenses|master|monitor|
saved-search|search-server|tcp|udp|user]
rollback cluster-bundle
rolling-restart cluster-peers|shcluster-members
rotate splunk-secret|shcluster-splunk-secret
rtsearch [app|batch|detach|earliest_time|header|id|max_time|maxout|output|preview|timeout|
uri|wrap|workload_pool]
search [app|batch|detach|earliest_time|header|id|index_earliest|index_latest|latest_time|
max_time|maxout|output|preview|timeout|uri|wrap|workload_pool]
set [datastore-dir|deploy-poll|default-hostname|default-index|
minfreemb|servername|server-type|splunkd-port|web-port|kvstore-port]
show [config|datastore-dir|deploy-poll|default-hostname|default-index|
jobs|minfreemb|servername|splunkd-port|web-port|kvstore-port|
kvstore-status]
spool NONE
start,stop,restart [splunkd|splunkweb]
status [splunkd|splunkweb]
check-integrity NONE
generate-hash-files NONE
validate [index|files|cluster-bundle]
resync [kvstore|shcluster-replicated-config]
backup [kvstore]
restore [kvstore]
merge-buckets [--index-name]
]]>
</syntax>
</help>
</common>
</item>
<item obj="cheatsheet" synonym="simple" />
<item obj="simple">
<common>
<help>
<header><![CDATA[This page will get you started with some basic commands, examples of usage,
and a list of help commands for reference on Splunk search.
Basic Splunk CLI commands:
search search a Splunk index
login,logout authenticate a session to a Splunk server
start,stop,restart,status manage Splunk processes
spool load a file or directory into an index
add,edit,remove,list manage data inputs, user accounts, saved searches
set,show manage Splunk settings
enable,disable turn features on and off
help show the main help page
refresh update a deployment server with client server information
reload reload deployment servers
Splunk search cheatsheets:
help search search syntax reference
help search-modifiers complete list of modifiers and usage examples
help search-fields complete list of fields indexed by Splunk
help search-commands complete list of search commands
]]>
</header>
</help>
</common>
<cmd name="commands">
<help>
<syntax><![CDATA[./splunk [command] [object] [-parameter <value>]...
Syntax notation:
* Plain text: indicate required arguments
* [Text in brackets]: indicate optional arguments
* Parameters always have a "-" with no space
(Example: "-parameter" NOT "- parameter")
* ... indicates that you can add multiple arguments]]>
</syntax>
<examples>
<ex><![CDATA[./splunk search "session root daysago=1"]]></ex>
<ex><![CDATA[./splunk add monitor /var/applog -sourcetype myApp]]></ex>
<ex><![CDATA[./splunk remove monitor /var/log]]></ex>
<ex><![CDATA[./splunk list monitor]]></ex>
<ex><![CDATA[./splunk spool /my/random/logs.tgz -sourcetype linux_messages_syslog]]></ex>
<ex><![CDATA[./splunk add udp 514]]></ex>
<ex><![CDATA[./splunk edit udp 514 -sourcetype asterisk_event_syslog]]></ex>
<ex><![CDATA[./splunk add forward 10.1.1.123:8089]]></ex>
<ex><![CDATA[./splunk enable boot-start]]></ex>
<ex><![CDATA[./splunk add search-server splunk03]]></ex>
<ex><![CDATA[./splunk help commands]]></ex>
</examples>
</help>
</cmd>
</item>
<item obj="datastore">
<common>
<help>
<header><![CDATA[ Manage indexes and user or global data that is stored on the server.
Objects:
all everything on the server
eventdata indexed events and fields for each event
globaldata host tags, source type aliases, server tag data
inputdata modular inputs checkpoint data
userdata user account information
Commands:
add index [-name <name>|<name>] ...
edit index [-name <name>|<name>] ...
list index
export [eventdata|userdata]
import userdata
clean [all|eventdata|globaldata|userdata] [-f] [-index <name>]
clean inputdata [<scheme>] [-f]
Parameters:
(For add and edit index)
name value name of the index
(For clean ONLY)
f forces skip of confirmation prompt
(For clean eventdata ONLY)
index name name of the index
]]>
</header>
</help>
</common>
</item>
<item obj="distributed">
<common>
<help>
<header><![CDATA[ Distributed search, cloning, and deployment configuration management tools.
Objects:
dist-search distribute searches to other Splunk servers
listen reception of data to be indexed from other Splunk servers
forward-server a Splunk server to which to forward data to be indexed
search-server a Splunk server to which to forward searches
local-index maintain a search index on this Splunk server
deploy-client a deployment client
deploy-clients deployment clients
deploy-server a deployment server
deploy-poll enables deployment client and sets which deployment server to poll
Commands:
disable [listen|dist-search|local-index|deploy-client|
deploy-server] [-parameter <value>] ...
enable [listen|dist-search|local-index|deploy-client|
deploy-server] [-parameter <value>] ...
display [listen|dist-search|local-index|deploy-server]
add [forward-server|search-server] server
remove [forward-server|search-server] server
list [deploy-clients|forward-server|search-server]
reload deploy-server
refresh deploy-clients
set [deploy-poll]
show [deploy-poll]
Parameters:
For a complete list of parameters, type "./splunk help [command|object]" to get a specific list.
]]>
</header>
</help>
</common>
</item>
<item obj="forwarding">
<common>
<help>
<header><![CDATA[
Data forwarding configuration management tools.
Objects:
forward-server a Splunk forwarder to forward data to be indexed
search-server a Splunk server to forward searches
local-index a local search index on the Splunk server
Commands:
enable local-index [-parameter <value>] ...
disable local-index [-parameter <value>] ...
display local-index
add [forward-server|search-server] server
remove [forward-server|search-server] server
list [forward-server|search-server]
Parameters:
For a complete list of parameters, type "./splunk help [command|object]" to get a specific list.
]]>
</header>
</help>
</common>
</item>
<item obj="inputs" synonym="input" />
<item obj="input">
<common>
<help>
<header><![CDATA[ Data input configuration options.
Objects
exec a scripted input
fifo (no longer supported)
monitor a file or directory to be continuously monitored for new input
tcp a TCP socket
udp a UDP socket
Commands
add [exec|monitor|tcp|udp] [source] [-parameter <value>] ...
edit [exec|monitor|tcp|udp] [source] [-parameter <value>] ...
remove [monitor|tcp|udp] [source]
list [monitor|tcp|udp]
Required Parameter:
source file, directory, scripted input, or socket to manage
Optional Parameters:
Type "./splunk help [command|object]" to view a complete list of parameters.
]]>
</header>
</help>
</common>
</item>
<item obj="cmd">
<common>
<help>
<header><![CDATA[ Runs the specified command string with various environment variables set.
Many utilities in Splunk's "bin" directory will not run without these
variables.
To see which environment variables will be set, run "splunk envvars".
Objects
btool Views or validates Splunk configuration files, taking into account configuration file layering and user/app context.
exporttool An advanced data manipulation tool that can be used to migrate buckets. You can use this command to export
indexed data between systems of different endianness. NOTE: This command is not supported and provided as is.
importtool An advanced data manipulation tool that can be used to migrate buckets. You can use this command to import
indexed data between systems of different endianness. NOTE: This command is not supported and provided as is.
locktest Tests file systems for basic compatibility with Splunk software. Reports incompatibility on stdout if it finds an unsupported filesystem.
locktool Acquires and releases locks in the same manner as splunkd.
parsetest Validates parsing rules for a single event.
pcregextest Simple utility tool for testing modular regular expressions.
signtool Allows verification and signing splunk index buckets.
walklex This tool "walks the lexicon" to tell you which terms exist in a given index.
Examples:
./splunk cmd btool inputs list
./splunk cmd /bin/ls
]]>
</header>
<syntax><![CDATA[cmd <command> [parameters...]]]></syntax>
<title><![CDATA[Run a command using Splunk's environment variables]]></title>
</help>
</common>
</item>
<!--
<item obj="diag">
<common>
<help>
Removed this, because it goes stale, this is now served by help diag running diag -\-help
</help>
</common>
</item>
-->
<item obj="btool">
<common>
<help>
<header><![CDATA[View or validate Splunk configuration files, taking into account configuration file layering and user/app context.
]]></header>
<optional>
<arg name="--user=SPLUNK_USERNAME"><![CDATA[View the configuration data visible to the given user]]></arg>
<arg name="--app=SPLUNK_APP"><![CDATA[View the configuration data visible from the given app]]></arg>
<arg name="--dir=DIR"><![CDATA[Read configuration data from the given absolute path instead of $SPLUNK_HOME/etc]]></arg>
<arg name="--debug"><![CDATA[Print and log extra debugging information]]></arg>
</optional>
<syntax><![CDATA[btool <CONF_FILE> list [options]
btool check [options]]]></syntax>
<examples>
<ex><![CDATA[./splunk btool server list]]></ex>
<ex><![CDATA[./splunk btool savedsearches list --user=admin --app=search]]></ex>
<ex><![CDATA[./splunk btool check]]></ex>
</examples>
</help>
</common>
</item>
<!-- "./splunk _internal make-splunkweb-certs-and-var-run-merged" -->
<item obj="make-splunkweb-certs-and-var-run-merged">
<cmd name="_internal">
<help>
<title><![CDATA[This documents an internal command which is called automatically for Windows when you start Splunk. It does not apply to other platforms. It checks the splunkweb ssl settings for changed configurations to apply, generates certs, etc. These are typically done when you use "splunk start", but are not done if you start the service directly on Windows (from services.msc or command line).]]></title>
<syntax><![CDATA[_internal make-splunkweb-certs-and-var-run-merged]]></syntax>
<required/>
<optional/>
<examples>
<ex><![CDATA[splunk _internal make-splunkweb-certs-and-var-run-merged]]></ex>
</examples>
</help>
</cmd>
</item>
<!-- "./splunk bucket-maint", alias for "./splunk _internal call <path>" -->
<item obj="roll-hot-buckets">
<cmd name="bucket-maint">
<help>
<title><![CDATA[Manually roll hot buckets to warm in the specified index. Verifies that the index exists before continuing.]]></title>
<syntax><![CDATA[bucket-maint roll-hot-buckets -index <name> ]]></syntax>
<required>
<arg name="index"><![CDATA[The name of the index]]></arg>
<arg name="auth"><![CDATA[If not logged in, authenticate with <username>:<password>]]></arg>
</required>
<optional>
<arg name="f"><![CDATA[Forces the bucket roll. This action cannot be undone, so using -f is not recommended in all cases.]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk bucket-maint roll-hot-buckets -index main]]></ex>
<ex><![CDATA[./splunk bucket-maint roll-hot-buckets -f -index main -auth admin:changeme]]></ex>
</examples>
</help>
</cmd>
</item>
<item obj="rebuild-metadata">
<cmd name="bucket-maint">
<help>
<title><![CDATA[Manually rebuild metadata in the specified index.]]></title>
<syntax><![CDATA[bucket-maint rebuild-metadata -index <name> ]]></syntax>
<required>
<arg name="index"><![CDATA[The name of the index]]></arg>
<arg name="auth"><![CDATA[If not logged in, authenticate with <username>:<password>]]></arg>
</required>
<optional>
<arg name="f"><![CDATA[Forces the rebuild on the index. This action cannot be undone, so using -f is not recommended in all cases.]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk bucket-maint rebuild-metadata -f -index main]]></ex>
<ex><![CDATA[./splunk bucket-maint rebuild-metadata -index main -auth admin:changeme]]></ex>
</examples>
</help>
</cmd>
</item>
<item obj="rebuild-bucket-manifests">
<cmd name="bucket-maint">
<help>
<title><![CDATA[Manually rebuild bucket manifests in the specified index.]]></title>
<syntax><![CDATA[bucket-maint rebuild-bucket-manifest -index <name> ]]></syntax>
<required>
<arg name="index"><![CDATA[The name of the index]]></arg>
<arg name="auth"><![CDATA[If not logged in, authenticate with <username>:<password>]]></arg>
</required>
<optional>
<arg name="f"><![CDATA[Forces the rebuild on the index. This action cannot be undone, so using -f is not recommended in all cases.]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk bucket-maint rebuild-bucket-manifests -f -index main]]></ex>
<ex><![CDATA[./splunk bucket-maint rebuild-bucket-manifests -index main -auth admin:changeme]]></ex>
</examples>
</help>
</cmd>
</item>
<item obj="rebuild-metadata-and-manifests">
<cmd name="bucket-maint">
<help>
<title><![CDATA[Manually rebuild bucket manifests and metadata in the specified index.]]></title>
<syntax><![CDATA[bucket-maint rebuild-metadata-and-manifests -index <name> ]]></syntax>
<required>
<arg name="index"><![CDATA[The name of the index]]></arg>
<arg name="auth"><![CDATA[If not logged in, authenticate with <username>:<password>]]></arg>
</required>
<optional>
<arg name="f"><![CDATA[Forces the rebuild on the index. This action cannot be undone, so using -f is not recommended in all cases.]]></arg>
</optional>
<examples>
<ex><![CDATA[./splunk bucket-maint rebuild-metadata-and-manifests -f -index main]]></ex>
<ex><![CDATA[./splunk bucket-maint rebuild-metadata-and-manifests -index main -auth admin:changeme]]></ex>
</examples>
</help>
</cmd>
</item>
<item obj="start" synonym="control" />
<item obj="stop" synonym="control" />
<item obj="restart" synonym="control" />
<item obj="controls" synonym="control" />
<item obj="splunkd" synonym="control" />
<item obj="splunkweb" synonym="control" />
<item obj="control">
<common>
<help>
<header><![CDATA[ Start and stop Splunk server processes, or show process status.
]]></header>
<syntax><![CDATA[start
stop
restart [splunkweb]
status ]]></syntax>
<optional>
<arg name="--accept-license"><![CDATA[(FOR START ONLY) For a first-time Splunk start, automatically accept the license without prompt.]]></arg>
<arg name="--answer-yes"><![CDATA[(FOR START ONLY) Answer yes to prompts at installation and upgrade.]]></arg>
<arg name="--debug"><![CDATA[(FOR START ONLY) Starts Splunk in verbose logging mode. This is not recommended. Read more about debug logging in the online documentation: http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/Enabledebuglogging]]></arg>
<arg name="-f"><![CDATA[(FOR STOP ONLY) Forces an immediate shutdown. This is not recommended.]]></arg>
<arg name="--no-prompt"><![CDATA[(FOR START ONLY) Exit on questions rather than wait for an answer.]]></arg>
<arg name="--seed-passwd"><![CDATA[(FOR START ONLY) Set an admin password during installation. This will be ignored if an etc/passwd or user-seed.conf is detected.
IMPORTANT: Be careful using this option; because the password will be visible in a process listing and command history.]]></arg>
<arg name="--gen-and-print-passwd"><![CDATA[(FOR START ONLY) Generates a random admin password and prints to stdout during installation. This flag is only valid if no admin password is set during installation.
IMPORTANT: Be careful using this flag; because the password will be printed to stdout.]]></arg>
</optional>
<examples>
<ex><![CDATA[start --accept-license]]></ex>
<ex><![CDATA[start --seed-passwd 'A5tr0nGp@sS']]></ex>
<ex><![CDATA[start --no-prompt --gen-and-print-passwd]]></ex>
<ex><![CDATA[restart splunkweb -auth gwb:d3cidr]]></ex>
<ex><![CDATA[status]]></ex>
</examples>
</help>
</common>
</item>
<item obj="spool">
<common>
<help>
<header><![CDATA[ Add a file to Splunk by reading the input source once.]]></header>
<syntax><![CDATA[spool <source>]]></syntax>
<required>
<arg name="source"><![CDATA[path or file to be indexed]]></arg>
</required>
<examples>
<ex><![CDATA[./splunk spool /tmp/logs.tgz]]></ex>
</examples>
</help>
</common>
</item>
<item obj="version">
<common>
<help>
<header><![CDATA[ Display Splunk's version and build number.
Syntax:
version
]]>
</header>
</help>
</common>
</item>
<item obj="server-status" synonym="status" />
<item obj="status">
<common>
<help>
<header><![CDATA[
Show the status of Splunk's processes.
Objects:
NONE shows splunkd's status and reports process ID
]]>
</header>
<syntax><![CDATA[status]]></syntax>
</help>
</common>
</item>
<item obj="settings">
<common>
<help>
<header><![CDATA[
Set or show current values for settings of your Splunk installation.
Syntax:
set [object][-parameter <value> | <value>]
show [object][<value>]
Objects:
(For set ONLY)
server-type change modes of server configuration files
(This is an ADVANCED setting and should not be changed without
consulting Splunk Support first)
(For show ONLY)
config show the details of a specified conf file.
(NOTE: this command will only work if the file exists in the location
specified by $SPLUNK_HOME/etc/system/default/conf.conf)
jobs show information for the specified asynchronous search
(For both set and show)
datastore-dir set or show which directory is used for Splunk's datastore
deploy-poll enable the deployment client and set the deployment server uri to poll
default-hostname set or show the default host name used for all data inputs
default-index set the default search index(es) for a given role; show default search
index(es) for the role this user belongs to (command is deprecated and
may be removed in the future)
minfreemb set or show the minimum free disk space threshold (if free space falls
below this amount Splunk stops indexing data)
servername set or show the servername used in a distributed search
splunkd-port change the port that the Splunk daemon (splunkd) listens on
web-port change the port that Splunk Web listens on
kvstore-port change the port that the Splunk KV Store listens on
appserver-ports change the ports that the Splunk application server listens on
(These ports are only bound to the loopback interface. Typically
only one port is specified in this list)
Required Parameters:
Note: Both IPv4 and IPv6 formats are supported for specifying an IP address, for example:
127.0.0.1:80 or "[2001:db8::1]:80". By default, splunkd listens on IPv4 only. To enable
IPv6 support, refer to the instructions in:
http://docs.splunk.com/Documentation/Splunk/latest/Admin/ConfigureSplunkforIPv6
(For set ONLY)
datastore-dir <value> path to new datastore directory
deploy-poll uri deployment server ip:port to poll for deployment class
updates
default-hostname value new host name to use
default-index value one or list of indexes; if multiple, delimit each value
with a comma
role specify a role (admin, power, user) that can view the
default index
minfreemb minspace new number of megabytes
servername <name> new distributed search name for the server
splunkd-port <port> new port that splunkd should listen on
web-port <port> new port that Splunk Web should listen on
kvstore-port <port> new port that Splunk KV Store should listen on
appserver-ports <ports> new comma-separated list of ports that the Splunk
application server should listen on
(For show ONLY)
jobs <id> the job id for the asynchronous search
name <name> the name of the conf file, without the file extension
]]>
</header>
<examples>
<ex><![CDATA[./splunk set default-index mambo,rambo,kambo -role admin]]></ex>
<ex><![CDATA[./splunk set servername mysplunk]]></ex>
<ex><![CDATA[./splunk set datastore-dir /media/san]]></ex>
<ex><![CDATA[./splunk set deploy-poll -uri 10.1.1.5:8089]]></ex>
<ex><![CDATA[./splunk set deploy-poll 10.1.1.5:8089]]></ex>
<ex><![CDATA[./splunk set web-port 5654]]></ex>
<ex><![CDATA[./splunk show config -name server]]></ex>
<ex><![CDATA[./splunk show default-index ]]></ex>
<ex><![CDATA[./splunk show jobs 1240007498.2 ]]></ex>
<ex><![CDATA[./splunk show minfreemb ]]></ex>
</examples>
</help>
</common>
</item>
<item obj="tools">
<common>
<help>
<header><![CDATA[
Useful commands to help your Splunk server. These commands don't require Splunk to be running,
and don't reconfigure any of your Splunk settings.
Syntax:
anonymize source [-parameter <value>]...
validate object [-parameter <value>]
Objects:
source the source that anonymize will perform action on
(For validate ONLY)
index index to check for correctness
Optional Parameters:
For a complete list of parameters, type "./splunk help [command|object]" to get a specific list.
]]>
</header>
<syntax><![CDATA[cmd <command> [parameters...]]]></syntax>
</help>
</common>
</item>
<item obj="search">
<common>
<help>
<header><![CDATA[ Splunk searches can retrieve events or generate reports.
Complex searches are constructed by stringing commands together
with a pipe "|" operator. For more information about search and
search syntax, see our online documentation at:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/AboutCLIsearches
Syntax:
search [object][-parameter <value>]
Note: Parameters that take Boolean values support {0, false, f, no} as
negatives and {1, true, t, yes} positives.
Objects:
Search objects are enclosed in single quotes (' ') and can be keywords,
expressions, or a series of search commands.
Optional Parameters:
app appname specify an app context to run the search
batch true indicates how to handle updates in preview mode.
Defaults to false.
detach true triggers an asynchronous search and displays
the job id and ttl for the search.
header false indicates whether to display a header in the table
output mode.
max_time number the length of time in seconds that a search job
runs before it is finalized. Defaults to 0, which
means no time limit.
maxout number the maximum number of events to return or send to
stdout (when exporting events). Setting this to 0
means it will output an unlimited number of events.
The max allowable value is 50k. Defaults to 100.
output value indicates how to display the job. Choices are:
rawdata, table, csv, raw, and auto. If not specified,
defaults to rawdata for non-transforming searches
and table for transforming searches.
preview false indicates that reporting searches should be
previewed. Defaults to true.
timeout number the length of time in seconds that a search job
is allowed to live after running. Defaults to 0,
which means the job is cancelled immediately after
it is run.
wrap false indicates whether to line wrap for individual lines
that are longer than the terminal width. Defaults
to true.
workload_pool value the name of the workload-pool for the search to run in.
See what search language is available for use in the CLI by using these
help commands:
search-fields a full list of search fields
search-modifiers a full list of search modifiers
search-commands a full list of usable search commands
Examples:
./splunk search '*' -detach true
./splunk search 'eventtype=webaccess error' -wrap 0
./splunk search 'eventtype=webaccess error' -detach true
]]>
</header>
</help>
</common>
</item>
<!-- check-rawdata-format command to see if journal.gz files are corrupt -->
<item obj="check-rawdata-format">
<common>
<help>
<header><![CDATA[check-rawdata-format verifies that splunk can unpack and understand the 'rawdata' files in index buckets.
About:
Splunk stores data in indexes, and each index consists of a series of buckets, implemented as directories.
Buckets contain several types of data, but the data category which is
expected to contain a complete record of the bucket's facts is called
rawdata, and the other types of data (index files, manifests, metadata,
etc) can be reconstructed as needed from the rawdata.
A bucket's rawdata, at rest, typically consists of a journal.gz, with a
slices manifest necessary to use it for searching. There can be additional
uncompressed numerical files along side the journal.gz, but these should
occur only when the bucket is being constructed, and this command does not
validate those short-lived uncomprssed files
This command verifies that Splunk can unpack the journal.gz correctly (that
it is a valid gzip file), and that Splunk can understand the records stored
in the journal.gz. Note that this does not guarantee the records are
correct (unchanged, written without error), but most forms of hardware,
and operating flaws, as well as many classes of possible Splunk mishandling
will be identified by simply verifying the format is intact.
It's expected this command is most useful in a troubleshooting scenario,
but it might be useful prior to deciding how to proceed with a rebuild
scenario.
Flags:
check-rawdata-format -bucketPath <path_to_bucket> [-verbose]
check-rawdata-format -index <indexname> [-verbose]
check-rawdata-format -allindexes [-verbose]
Respectively, you can choose to check the rawdata format in a specific
bucket, all bucket in an index, or all buckets in all indexes.
Addendum:
If you need more advance bucket filtering and selection, please see:
splunk cmd splunkd fsck
]]>
</header>
</help>
</common>
</item>
<!-- check-integrity command to validate the integrity of rawdata (journal.gz) for the buckets which were created with enableDataIntegrityControl setting -->
<item obj="check-integrity">
<common>
<help>
<header><![CDATA[check-integrity verifies the integrity of the bucket(s) which were created with 'Data Integrity Control' enabled.
Buckets created by enabling 'Data Integrity Control' feature will have hashes computed on every slice of the rawdata and written to hash files as well as the journal of the bucket. Whenever user invokes this command on a bucket or index, splunk validates the integrity of the rawdata by computing hash on every rawdata slice & comparing with the previous known/stored value. If any mismatch found, splunk reports the slice# that was possibly tampered with. For further details, please refer to 'Data Integrity Control' feature on latest documentation.
Flags:
check-integrity -bucketPath <path_to_bucket> [-verbose]
check-integrity -index <indexname> [-verbose]
]]>
</header>
<syntax><![CDATA[check-integrity -bucketPath <path-to-bucket>]]></syntax>
<optional>
<arg name="verbose"><![CDATA[Displays the output of the command in verbose mode.]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk check-integrity -bucketPath <path-to-bucket>']]></ex>
<ex><![CDATA['./splunk check-integrity -index main']]></ex>
</examples>
</help>
</common>
</item>
<item obj="generate-hash-files">
<common>
<help>
<header><![CDATA[(Re)Generates the hash files for the bucket(s) which were created with 'Data Integrity Control' feature enabled.
Buckets created while the 'Data Integrity Control' feature is enabled will have hashes computed on every slice of the rawdata journal, as well as an additional summary hash file per bucket. When a user invokes this command on a bucket or index, splunk (re)generates the hash files by extracting the hashes embedded inside the journal. For further details, please refer to the 'Data Integrity Control' feature in the Splunk documentation
Note: This command will not operate on hot bucket(s) where data is currently being written to.
Flags:
generate-hash-files -bucketPath <path_to_bucket> [-verbose]
generate-hash-files -index <indexname> [-verbose]
]]>
</header>
<syntax><![CDATA[generate-hash-files -bucketPath <path-to-bucket>]]></syntax>
<optional>
<arg name="verbose"><![CDATA[Displays the output of the command in verbose mode.]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk generate-hash-files -bucketPath <path-to-bucket>']]></ex>
<ex><![CDATA['./splunk generate-hash-files -index main']]></ex>
</examples>
</help>
</common>
</item>
<!-- enable|disable|display dist-search -->
<item obj="dist-search">
<common>
<help>
<header><![CDATA[distribute searches to other peers]]></header>
<syntax><![CDATA[[enable|disable|display] dist-search]]></syntax>
<examples>
<ex><![CDATA['./splunk enable dist-search']]></ex>
<ex><![CDATA['./splunk disable dist-search']]></ex>
<ex><![CDATA['./splunk display dist-search']]></ex>
</examples>
</help>
</common>
<cmd name="enable">
<help>
<title><![CDATA[enable distributed search]]></title>
</help>
</cmd>
<cmd name="disable">
<help>
<title><![CDATA[disable distributed search]]></title>
</help>
</cmd>
<cmd name="display">
<help>
<title><![CDATA[display distributed search status]]></title>
</help>
</cmd>
</item>
<!-- merge-buckets -->
<item obj="merge-buckets">
<common>
<help>
<header><![CDATA[Merge buckets command usage: ./splunk merge-buckets]]></header>
<required>
<arg name="index"><![CDATA[The name of the index]]></arg>
</required>
<syntax><![CDATA[$SPLUNK_HOME/bin/splunk merge-buckets --index-name=<index_name> ]]></syntax>
<examples>
<ex><![CDATA['./splunk merge-buckets --index-name=small-buckets']]></ex>
<ex><![CDATA['./splunk merge-buckets --help']]></ex>
<ex><![CDATA['./splunk merge-buckets --listbuckets --help']]></ex>
</examples>
</help>
</common>
<cmd name="">
<help>
<required>
<arg name="--index-name"><![CDATA[The index that contains the buckets you want to merge.]]></arg>
</required>
<optional>
<arg name="--buckets"><![CDATA[The list of buckets you want to merge, separated by a comma.]]></arg>
<arg name="--filter"><![CDATA[When specified, this option will filter out the list of buckets provided using --buckets.]]></arg>
<arg name="--json-out"><![CDATA[Format stdout as JSON.\n]]></arg>
<arg name="--debug"><![CDATA[Enable debug mode.]]></arg>
<arg name="--min-size"><![CDATA[Minimum size of buckets to be created. Default value is 750, use bucketMerge.minMergeSizeMB in indexes.conf to change default value.]]></arg>
<arg name="--max-size"><![CDATA[Maximum size of buckets to be created. Default value is 1000, use bucketMerge.maxMergeSizeMB in indexes.conf to change default value.]]></arg>
<arg name="--max-timespan"><![CDATA[The maximum timespan allowed for buckets to be merged in a single bucket. Default value is 7776000 (90 days), use bucketMerge.maxMergeTimeSpanSecs to change default value.]]></arg>
<arg name="--max-count"><![CDATA[The maximum number of buckets to merge. Default: 24.]]></arg>
<arg name="--dryrun"><![CDATA[Use 'dryrun' to preview the behavior of your merge-bucket settings and bucket selections without performing any actions. The results are sent to stdout.]]></arg>
<arg name="--startdate"><![CDATA[Use 'startdate' to merge buckets created between now and the time chosen.]]></arg>
<arg name="--enddate"><![CDATA[Use 'enddate' to merge buckets created prior to the time chosen.]]></arg>
<arg name="--listbuckets"><![CDATA[Lists the most recently merged <number> of buckets in the index homePath.Use '0' to display all merged buckets found.]]></arg>
</optional>
<examples>
<ex><![CDATA['./splunk merge-buckets --index-name=small-buckets']]></ex>
<ex><![CDATA['./splunk merge-buckets --help']]></ex>
<ex><![CDATA['./splunk merge-buckets --listbuckets --help']]></ex>
</examples>
</help>
</cmd>
</item>
</root>
Reference in new issue View Git Blame Copy Permalink