This documentation does not apply to the most recent version of Splunk.
This documentation applies to the following versions of Splunk: 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.3, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4, 3.4.1, 3.4.2, 3.4.3, 3.4.5, 3.4.6, 3.4.8, 3.4.9, 3.4.10, 3.4.11, 3.4.12, 3.4.13
Use administrative commands to view configuration information, audit information, run custom scripts, or perform other administrative functions.
Return the values of a specified .conf file.
admin configuration file
| Argument | Syntax | Description |
|---|---|---|
| configuration file | .conf file name | Name of the .conf file to display. |
Splunk Web:
This example returns the values of the eventtypes.conf file.
CLI:
This example returns authentication settings in auth.conf.
./splunk search "| admin auth | outputcsv"
This example returns the processing properties (time zones, line-breaking characters, and so on) contained in props.conf.
./splunk search "| admin props | outputcsv"
Use the audit search command to view audit trail information that is stored in the local audit index.
audit
None.
Splunk Web:
This example searches for all audit events.
This example searches for all audit trail events where signing has been configured. You can pipe a search to the audit command, with some restrictions: you can narrow the search to a time range, or constrain it by host. These restrictions are imposed because the audit search processor looks for sequential ID numbers in the decrypted data to determine whether there is a gap in the audit events.
The run command calls external Perl or Python programs that can modify or generate search results. It takes search results as input and outputs the results of the script(s) called.
To disable a script so that it can no longer be run, delete it from the $SPLUNK_HOME/etc/searchscripts directory.
run (perl OR python) script-name [script-argument] ... [script-argumentN] [maxinputs-arg]
| Argument | Syntax | Description |
|---|---|---|
| script-name | script name | The name of the script to execute (minus the path and file extension). |
| script-argument | script arguments | An argument passed to the script. |
| maxinputs-arg | maxinputs=integer(100) | Specify a number of results to pass to the script. If no maxinputs is specified, run will pass up to 10,000 events to scripts. |
Splunk Web:
This example searches for events containing 404 and runs the Python script myscript, then sends the results in an email to email@site.com.
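As an added illustration (not part of the Splunk documentation and not Splunk's own code), here is a minimal Python search script of the kind `run python myscript` would call on the 404 results above: it tags each result with how many 404s its client produced in the batch, so a reviewer can spot a client probing for missing pages. It assumes Splunk 3.x passes results to the script as CSV on stdin and reads CSV results back from stdout; the field names (clientip, status, _raw), the threshold and the sample rows are constructed for the example.

```python
# Example search script for `run`, constructed for this page (not Splunk code).
# Assumption: Splunk 3.x pipes the search results to the script as CSV on stdin
# and reads CSV results back from stdout. The field names (clientip, status,
# _raw), the sample rows and the threshold are all constructed for this example.
import csv
import sys
from collections import Counter

THRESHOLD = 3  # flag a client that produced more 404s than this (assumed value)


def annotate_404s(rows, threshold=THRESHOLD):
    """Return a copy of rows with count_404 (404s from the same clientip in this
    batch) and suspect ("1" when that count exceeds threshold, else "0") added.
    Counting is per batch, so the maxinputs cap on `run` bounds the window."""
    per_client = Counter(r.get("clientip", "") for r in rows
                         if r.get("status") == "404")
    annotated = []
    for r in rows:
        new = dict(r)
        n = per_client.get(r.get("clientip", ""), 0)
        new["count_404"] = str(n)
        new["suspect"] = "1" if n > threshold else "0"
        annotated.append(new)
    return annotated


# Constructed sample results, shaped like `404 | run python myscript` input.
SAMPLE = [
    {"clientip": "10.0.0.5", "status": "404", "_raw": "GET /a.php 404"},
    {"clientip": "10.0.0.5", "status": "404", "_raw": "GET /b.php 404"},
    {"clientip": "10.0.0.5", "status": "404", "_raw": "GET /c.php 404"},
    {"clientip": "10.0.0.5", "status": "404", "_raw": "GET /d.php 404"},
    {"clientip": "10.0.0.9", "status": "404", "_raw": "GET /x.html 404"},
    {"clientip": "10.0.0.9", "status": "200", "_raw": "GET /index.html 200"},
]


def main():
    # Read Splunk's CSV results, annotate them, write CSV results back.
    reader = csv.DictReader(sys.stdin)
    rows = list(reader)
    fields = list(reader.fieldnames or []) + ["count_404", "suspect"]
    writer = csv.DictWriter(sys.stdout, fieldnames=fields)
    writer.writeheader()
    writer.writerows(annotate_404s(rows))


if __name__ == "__main__":
    main()
```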