Splunk SPL Commands

The document outlines various Splunk SPL commands categorized into search, transforming, filtering & formatting, data enrichment, join & subsearch, data modification, and miscellaneous commands. Each command is briefly described, highlighting its purpose, such as retrieving events, filtering results, calculating statistics, and modifying data. This serves as a reference for users to understand and utilize different SPL commands effectively.
Splunk SPL (Search Processing Language) Commands

Search Commands
- search: Retrieves events from indexes.

- where: Filters search results using eval expressions.

- fields: Includes or excludes fields from search results.

- sort: Sorts search results by the specified fields.

- table: Displays results in a table format.

- dedup: Removes duplicate events based on specified fields.

Transforming Commands
- stats: Calculates aggregate statistics (count, avg, sum, etc.).

- chart: Creates a tabular chart of aggregate statistics split by one or two fields.

- timechart: Creates a time-based chart from results.

- top: Returns the most common values of a field.

- rare: Returns the least common values of a field.

Filtering & Formatting Commands
- head: Returns the first N results.

- tail: Returns the last N results.

- rename: Renames fields in the results.

- eval: Calculates expressions and creates or overwrites fields with the result.

- rex: Extracts fields using regular expressions.

Data Enrichment Commands
- lookup: Adds fields from an external file or KV store.

- inputlookup: Returns data from a lookup table.

- outputlookup: Saves search results to a lookup table.

- geostats: Aggregates geographic data for visualization.
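The enrichment commands are most useful in a round trip: enrich summarised traffic with a lookup, isolate what the lookup could not classify, and write that residue back to a second lookup for review. The search below is an added example, not content from the original reference. It assumes an index `proxy` with sourcetype `squid` carrying the fields `src_ip`, `dest_host` and `bytes_out`, a CSV lookup `known_domains.csv` with columns `domain`, `category` and `owner`, and an output file `new_suspect_domains.csv`; all of these names and the 10 MB threshold are assumptions.

```spl
index=proxy sourcetype=squid earliest=-24h
| stats count AS requests, dc(src_ip) AS distinct_clients, sum(bytes_out) AS bytes_out BY dest_host
| lookup known_domains.csv domain AS dest_host OUTPUT category, owner
| fillnull value="unknown" category owner
| where category="unknown" AND distinct_clients <= 2 AND bytes_out > 10000000
| eval reviewed_at = strftime(now(), "%Y-%m-%d %H:%M:%S")
| table dest_host requests distinct_clients bytes_out reviewed_at
| outputlookup append=true new_suspect_domains.csv
```

`lookup` matches the event field `dest_host` against the lookup column `domain` and only adds the two `OUTPUT` fields; `fillnull` is needed because unmatched rows get null, not an empty string, so `category="unknown"` would otherwise match nothing. For anything beyond a throwaway search, reference a lookup definition rather than the raw CSV filename so that permissions and case-sensitivity settings are managed centrally, and keep `append=true` on `outputlookup`, since without it the target file is overwritten on every run. `| inputlookup new_suspect_domains.csv` then lists the accumulated candidates, and `| iplocation src_ip | geostats count BY category` on the raw events renders the same traffic on a map.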

Join & Subsearch Commands
- join: Combines results from two searches based on a common field.

- append: Appends results from a subsearch.

- appendcols: Appends fields from subsearch as columns.
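A common defensive use of `append` with a subsearch is a log-source coverage check: take the hosts that should be reporting from an inventory lookup, union them with the hosts actually seen in the last day, and report the difference. The search is an added example rather than content from the original reference; the lookup `asset_inventory.csv` (with a `host` column), the index `os` and the 24-hour window are assumptions.

```spl
| inputlookup asset_inventory.csv
| eval host = lower(host), reporting = 0, events = 0
| fields host reporting events
| append
    [ search index=os earliest=-24h
      | stats count AS events BY host
      | eval host = lower(host), reporting = 1 ]
| stats max(reporting) AS reporting, sum(events) AS events BY host
| where reporting = 0
| table host
```

Both branches normalise `host` to lower case before the final `stats` so that `WEB01` in the inventory and `web01` in the logs collapse to one row; `max(reporting)` is 1 for any host seen in the logs and 0 otherwise. The same result could be produced with `join type=left host [...]`, but subsearches are capped by limits.conf in both result count and runtime and truncate silently when the cap is hit, and `join` is the command most often bitten by that, so on large environments the `append` plus `stats` pattern (or a `stats ... BY host` over both sources in a single search) is the safer shape.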

Data Modification Commands
- replace: Replaces specified field values with other values (wildcards are allowed).

- fillnull: Replaces null values with a given value.

- makemv: Splits a single-value field into a multivalue field using a delimiter or regex.

- mvexpand: Expands multivalue fields into separate events.
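The four data modification commands chain naturally over DNS resolver logs, where a response can carry several answers in one field. The search below is an added example, not content from the original reference; it assumes an index `dns` with sourcetype `dns_resolver`, a `query` field, a comma-separated `answer` field that is absent for NXDOMAIN responses, a `src_ip` field, and a sinkhole that answers with `0.0.0.0`. All of those are assumptions about the environment.

```spl
index=dns sourcetype=dns_resolver earliest=-1h
| fillnull value="NXDOMAIN" answer
| makemv delim="," answer
| mvexpand answer
| replace "0.0.0.0" WITH "sinkhole" IN answer
| stats count AS lookups, dc(src_ip) AS clients BY query, answer
| where answer="sinkhole" OR answer="NXDOMAIN"
| sort -lookups
```

`fillnull` runs first so that responses without an answer are counted rather than dropped by the later `stats`; `makemv` and `mvexpand` then turn each multi-answer response into one event per answer so that the `replace` and the `stats` operate on single values. `mvexpand` holds the expanded events in memory and will truncate, with a warning in the job inspector, when it exceeds the memory limit in limits.conf, so on high-volume DNS data run it after a narrowing `search` or `where` rather than over the whole index.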

Miscellaneous Commands
- transaction: Groups related events into a single transaction by shared field values and time constraints.

- eventstats: Adds aggregate statistics as fields to every event without collapsing the events.

- streamstats: Calculates running (cumulative or windowed) statistics in event order and adds them to each event.

- tstats: Performs statistical queries against indexed fields, tsidx files or accelerated data models, far faster than stats over raw events.
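`tstats`, `streamstats` and `eventstats` combine into a cheap baseline detection: `tstats` pulls five-minute failure counts per source straight from the accelerated Authentication data model, `streamstats` computes each source's mean and standard deviation over the preceding hour, and `eventstats` attaches per-source totals for context. This is an added example, not content from the original reference; it assumes the CIM Authentication data model is present and accelerated, and the window, the three-sigma rule and the floor of 10 failures are constructed values.

```spl
| tstats count AS failures FROM datamodel=Authentication
    WHERE Authentication.action="failure" earliest=-24h
    BY _time span=5m Authentication.src
| rename Authentication.src AS src
| sort 0 src, _time
| streamstats window=12 current=f avg(failures) AS baseline, stdev(failures) AS baseline_sd BY src
| eventstats sum(failures) AS total_failures, max(failures) AS peak BY src
| where baseline > 0 AND failures > baseline + 3 * baseline_sd AND failures >= 10
| table _time src failures baseline baseline_sd total_failures peak
```

`sort 0` (no result limit) is required because `streamstats` depends on event order, and `current=f` excludes the current bucket from its own baseline so that the first spike per source is not absorbed into the average; the first bucket of each source has no baseline and is dropped by the `where`. With an unaccelerated data model `tstats` falls back to scanning raw events and loses its speed advantage; with an accelerated one, `summariesonly=true` keeps the search on summary data only, at the cost of ignoring events not yet summarised. `transaction src maxspan=10m` would group the same events into sessions with an `eventcount` and `duration`, but it is far more expensive than the `stats` family and is best reserved for small, already-filtered result sets.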
