What's new
Commands
- HEC tokens — create, list, update, delete HTTP Event Collector tokens
- Doctor — connection, auth, health, and permissions check
- Search upload — ingest local files (CSV, JSON, JSONL) via HEC
- Detection-as-code — import/export saved searches as YAML
Improvements
- Remote app install via Splunk Web UI (no filesystem access needed)
- Lookup upload reliability fixes
- Curated get output across all commands
Documentation
- Full docs site at splunkctl.danny.vn
- 14 command guides with examples
- Architecture diagrams (Mermaid)
- Dark/light theme, search, TOC sidebar
Install
pip install splunkctl
pip install git+https://github.com/dannyota/splunk-sdk-python@splunkctl
The second line installs the forked SDK, which adds dashboard, lookup, and HEC token support. Without it, core commands (search, rules, alerts, indexes, inputs, apps, users) still work.