For more information, see Extend and branch search statements in the SPL2 Search Manual.

You can create custom functions and store them in the same module with your search statements.

For example, you can create a main search and branch or extend that search into other searches, or you can create other unrelated searches in the same module. This means that you can quickly switch back and forth between these searches and search results. Unlike the current Search and Reporting app, an SPL2 module can contain multiple searches and other SPL2 statements in one module.

There are different kinds of datasets, including indexes, lookups, and search results.

For more information, see Modules and SPL2 statements in the SPL2 Search Manual. There are several different SPL2 statements:

A dataset is a collection of data that you want to search or that contains the results from a search.

SPL2 statements are searches and other types of data-related code. In addition, you can create custom functions (like macros) and custom data types to use in your searches and store all of these items with your searches in a single module. This means that you can quickly switch back and forth between the searches and search results inside a single module. Unlike the search bar used with SPL, a module can contain multiple searches and other SPL2 statements in one place.

While working with SPL2 you will encounter a few new terms and concepts, which are described in the following table:

A module is like a file that contains one or more related SPL2 statements.

In SPL2, there are 4 topics for each command. In SPL, there is one topic for each command that describes the syntax and shows examples.

See Use search literals to include SPL commands in SPL2 searches in the SPL2 Search Manual. If the SPL command is not supported in the SPL compatibility library, you can specify the SPL command in your SPL2 search by using a search literal.
SPL commands are enclosed in backtick ( ` ) characters and passed to splunkd.

See Compatibility library for SPL commands as functions. If the SPL command and its options are supported in the SPL compatibility library, import the library into your SPL2 module.

If you are familiar with SPL, the following sections summarize the changes implemented with SPL2.

For SPL commands that are not natively supported in SPL2, you can use one of the following alternatives to use SPL commands in your SPL2 searches:

A set of SPL commands implemented as SPL2 command functions.

Common command differences are described later in this topic.

SPL2 introduces a few new commands, including branch, into, and thru.

Command-specific differences are described in the usage topic for each SPL2 command.

Several SPL commands have been converted to functions in SPL2, such as cluster and spath.

Several of the SPL commands are enhanced in SPL2, such as stats, from, and join.

SPL2 supports the most popular commands from SPL, such as stats, eval, timechart, and rex.

The Search Processing Language, version 2 (SPL2) is a more concise language that supports both SPL and SQL syntax.