This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.0 , 3.0.1 , 3.0.2 , 3.1 , 3.1.1 , 3.1.2 , 3.1.3 , 3.1.4
Splunk Professional requires all commands to be authenticated. The API supports both per-command and per-session authentication.
Individual commands can be authenticated by including an authentication username and password. One parameter can specify both user and password, but note that the --auth command must come last on the command line. If either the username or password aren't specified, the command line prompts the user.
splunk search meta::all -auth admin:changeme splunk search meta::all -auth admin
Alternatively, users can use the "login" command to cache their auth credentials on the local filesystem securely. Auth tokens persist until a logout command is issued or the Splunk server is restarted.
splunk login splunk logout