Splunk - Dashboards show more...

Splunk - Event Types show more...

Splunk - Basic Chart show more...

Splunk - Sparklines show more...

Splunk - SPLUNK

SPLUNK Index
Splunk - Home
Splunk - Sharing Exporting
Splunk - Time Range Search
Splunk - Field Searching
Splunk - Search Language
Splunk - Search Optimization
Splunk - Transforming Commands
Splunk - Reports
Splunk - Dashboards
Splunk - Pivot And Datasets
Splunk - Lookups
Splunk - Schedules And Alerts
Splunk - Knowledge Management
Splunk - Subsearching
Splunk - Search Macros
Splunk - Event Types
Splunk - Basic Chart
Splunk - Overlay Chart
Splunk - Sparklines

Latest Articles
XAMARIN - Xamarin - Deploying Your App
XAMARIN - Xamarin - Multiscreen App
REACT-NATIVE - React Native - Activityindicator

Most Viewed
Splunk - Environment
Splunk - Source Types
Splunk - Basic Search
Splunk - Dashboards
Splunk - Pivot And Datasets
Splunk - Lookups
Splunk - Schedules And Alerts
Splunk - Knowledge Management
Splunk - Search Macros
Splunk - Basic Chart
What Is System And Its Concepts | Characteristics And Types Of System
Difference Between Manual And Automated System - Manual System Vs Automated System
Anatomy Of A Computer
Characteristics Of The Database Approach
Types Of Documentation And Their Importance
Timing And Control
What Is Information Systems Analysis And Design?
Operating System Operations- Dual-Mode Operation, Timer
Purpose Of Database Systems
Memory-Reference Instructions - Sta, Lda And Bsa

Popular Subjects
System Analysis & Design
Aptitude,reasoning And Puzzles
Science
Operating System
Analog And Communication
Fundamental Of Computers And Programing In C
Computer Architecture
Database Management System
Finance And Acounting
Physics
Mongodb - Nosql Database
Computer Network
Anatomy
Fiitjee
Microprocessor And Architecture

Home > Splunk > Splunk - Search Language

Splunk - Search Language

<<
Splunk - Sharing Exporting

Splunk - Search Language

The Splunk Search Processing Language (SPL) is a language containing many commands, functions, arguments, etc., which are written to get the desired results from the datasets. For example, when you get a result set for a search term, you may further want to filter some more specific terms from the result set. For this, you need some additional commands to be added to the existing command. This is achieved by learning the usage of SPL.

Components of SPL

The SPL has the following components.

Search Terms − These are the keywords or phrases you are looking for.
Commands − The action you want to take on the result set like format the result or count them.
Functions − What are the computations you are going to apply on the results. Like Sum, Average etc.
Clauses − How to group or rename the fields in the result set.

Let us discuss all the components with the help of images in the below section −

Search Terms

These are the terms you mention in the search bar to get specific records from the dataset which meet the search criteria. In the below example, we are searching for records which contain two highlighted terms.

Commands

You can use many in-built commands that SPL provides to simplify the process of analysing the data in the result set. In the below example we use the head command to filter out only the top 3 results from a search operation.

Functions

Along with commands, Splunk also provides many in-built functions which can take input from a field being analysed and give the output after applying the calculations on that field. In the below example, we use the Stats avg() function which calculates the average value of the numeric field being taken as input.

Clauses

When we want to get results grouped by some specific field or we want to rename a field in the output, we use the group by clause and the as clause respectively. In the below example, we get the average size of bytes of each file present in the web_application log. As you can see, the result shows the name of each file as well as the average bytes for each file.

Frequently Asked Questions

Splunk - Sharing Exporting

Ans: Splunk - Sharing Exporting view more..

Splunk - Time Range Search

Ans: Splunk - Time Range Search view more..

Splunk - Field Searching

Ans: Splunk - Field Searching view more..

Splunk - Search Language

Ans: Splunk - Search Language view more..

Splunk - Search Optimization

Ans: Splunk - Search Optimization view more..

Splunk - Transforming Commands

Ans: Splunk - Transforming Commands view more..

Splunk - Reports

Ans: Splunk - Reports view more..

Splunk - Dashboards

Ans: Splunk - Dashboards view more..

Splunk - Pivot and Datasets

Ans: Splunk - Pivot and Datasets view more..

Splunk - Lookups

Ans: Splunk - Lookups view more..

Splunk - Schedules and Alerts

Ans: Splunk - Schedules and Alerts view more..

Splunk - Knowledge Management

Ans: Splunk - Knowledge Management view more..

Splunk - Subsearching

Ans: Splunk - Subsearching view more..

Splunk - Search Macros

Ans: Splunk - Search Macros view more..

Splunk - Event Types

Ans: Splunk - Event Types view more..

Splunk - Basic Chart

Ans: Splunk - Basic Chart view more..

Splunk - Overlay Chart

Ans: Splunk - Overlay Chart view more..

Splunk - Sparklines

Ans: Splunk - Sparklines view more..

Next Article >>
Splunk - Search Optimization

Thank you

you will get you notes soon

Having trouble in finding the notes for your syllabus?

Do you want to earn some cash? CLICK ME...

You have a question? thenWe will be Happy to Help You

Splunk - Search Language

Splunk - Search Language

Components of SPL

Search Terms

Commands

Functions

Clauses

Frequently Asked Questions

Recommended Posts:

You have a question? then
We will be Happy to Help You