

The table below lists all of the search commands in alphabetical order. There is a short description of the command and links to related commands.

Returns a history of searches formatted as an events list or as a table.
Adds sources to Splunk or disables sources from being processed by Splunk.
Returns the first number n of specified results.
Generates statistics which are clustered into geographical bins to be rendered on a world map.

Transforms results into a format suitable for display by the Gauge chart types.
Takes the results of a subsearch and formats them into a single result.
Runs a templatized streaming subsearch for each field in a wildcarded field list.
Generates a list of suggested event types.
Creates a higher-level grouping, such as replacing filenames with directories.
Replaces null values with a specified value.
Replaces NULL values with the last non-NULL value.
Generates summary information for all or a subset of the fields.
analyzefields, anomalies, anomalousvalue, stats

Returns the number of events in an index.
Adds summary statistics to all search results.
Extracts field-value pairs from search results.
Expresses how to render a field at output time without changing the underlying value.
Returns the difference between two search results.
Allows you to specify example or counter-example values to automatically extract fields that have similar values.
extract, kvform, multikv, regex, rex, xmlkv
Calculates an expression and puts the value into a field.
Removes subsequent results that match specified criteria.
Deletes specific events or search results.
Computes the difference in field value between nearby results.
accum, autoregress, trendline, streamstats
Returns information about the specified index.
Uses a duration field to find the number of "concurrent" events for each event.
Builds a contingency table for two fields.
Converts field values into numerical values.
Calculates the correlation between different fields.
Crawls the filesystem for new sources to index.
Examines a data model or data model object and searches a data model object.
Puts search results into a summary index.

anomalies, anomalousvalue, cluster, kmeans, outlier
Finds how many times field1 and field2 values occurred together.
Returns results in a tabular output for charting. See also, Statistical and charting functions.
Replaces a field value with a higher-level grouping, such as replacing filenames with directories.
Puts continuous numerical values into discrete sets.
Sets up data for calculating the moving average.
accum, autoregress, delta, trendline, streamstats
Returns audit trail information that is stored in the local audit index.
Keeps a running total of the specified numeric field.
autoregress, delta, trendline, streamstats
Computes an event that contains the sum of all numeric fields for previous events.
Adds fields that contain common information about the current search.
Computes the sum of all numeric fields for each result.
Analyzes numerical fields for their ability to predict another discrete field.
Computes an "unexpectedness" score for an event.
Finds and summarizes irregular, or uncommon, search results.
analyzefields, anomalies, cluster, kmeans, outlier
Appends subsearch results to current results.
appendcols, appendcsv, appendlookup, join, set
Appends the fields of the subsearch results to current results, first results to first result, second to second, etc.
Appends the result of the subpipeline applied to the current result set to results.
Finds association rules between field values.
Produces a summary of each search result.

The following are examples for using the SPL2 rex command. To learn more about the rex command, see How the rex command works.

Use a sed expression to match the regex to a series of numbers and replace the numbers with an anonymized string to preserve privacy. In this example the first 3 sets of numbers for a credit card are masked. The \d must be escaped in the expression using a back slash ( \ ) character.

| rex field=ccnumber mode=sed "s/(\\d{4}-){3}/XXXX-XXXX-XXXX-/g"

2. Regular expressions with character classes

In this example, the clientip field contains IP addresses. You want to extract the IP class from the IP address. However, the expression uses the character class \d. You can specify the expression in one of two ways.

You can escape the backslash character by adding another backslash, as shown in this example:

You can use a forward slash ( / ), instead of quotation marks, to enclose the expression that contains a character class. Here's an example:

Either method returns a field called ipclass that contains the class portion of the IP address.
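The two rex techniques above (masking the leading card-number groups with a sed-style substitution, and extracting the class portion of an IP address into an ipclass field), as an added Python example that is not from the page or from Splunk. The masking pattern is the page's own sed expression translated to Python's re module; the ipclass pattern is an assumption, since the page's rex line for it is absent, built from the description "the class portion of the IP address"; the sample events are constructed. The raw-string note in the comments plays the same role as the doubled backslash or the forward-slash delimiters the page describes: it keeps \d intact on its way to the regex engine.

```python
import re
from typing import Optional

# Constructed sample events (not from the page): a card-number field and a client IP field.
SAMPLE_EVENTS = [
    {"ccnumber": "4111-1111-1111-1111", "clientip": "10.1.2.3"},
    {"ccnumber": "5500-0000-0000-0004", "clientip": "192.168.4.5"},
    {"ccnumber": "no card on file", "clientip": "not-an-ip"},
]

# The page's sed expression s/(\\d{4}-){3}/XXXX-XXXX-XXXX-/g as a Python regex.
# A raw string keeps \d as two characters for the regex engine, which is the job the
# doubled backslash does inside an SPL2 double-quoted string.
CC_MASK_RE = re.compile(r"(\d{4}-){3}")
CC_MASK_REPLACEMENT = "XXXX-XXXX-XXXX-"

# Assumed equivalent of the page's ipclass extraction: the digits before the first dot.
IPCLASS_RE = re.compile(r"(?P<ipclass>\d+)\.")


def mask_ccnumber(value: str) -> str:
    """Replace every run of three 4-digit groups with XXXX-XXXX-XXXX- (re.sub replaces all matches, like the /g flag)."""
    return CC_MASK_RE.sub(CC_MASK_REPLACEMENT, value)


def extract_ipclass(value: str) -> Optional[str]:
    """Return the leading octet as the ipclass value, or None when the regex does not match (rex then leaves the field unset)."""
    m = IPCLASS_RE.search(value)
    return m.group("ipclass") if m else None


def rex_pipeline(events):
    """Apply both rex-style steps to each event and return new event dicts; the originals are left untouched."""
    out = []
    for ev in events:
        new = dict(ev)
        new["ccnumber"] = mask_ccnumber(ev["ccnumber"])
        ipclass = extract_ipclass(ev["clientip"])
        if ipclass is not None:
            new["ipclass"] = ipclass
        out.append(new)
    return out


def backslash_forms_are_equivalent() -> bool:
    """A doubled backslash in a normal string and a raw string hand the regex engine the same \\d pattern."""
    return "\\d" == r"\d" and re.fullmatch("\\d+", "123") is not None


if __name__ == "__main__":
    for event in rex_pipeline(SAMPLE_EVENTS):
        print(event)
```

Events whose ccnumber does not contain three dash-separated groups pass through unchanged, and events whose clientip has no leading digits get no ipclass key, which mirrors rex leaving a field unset on a non-matching event.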
