The search commands that make up the Splunk Light search processing language are a subset of the Splunk Enterprise search commands. This topic links to the Splunk Enterprise Search Reference for each search command. The table below lists all of the commands that make up the Splunk Light search processing language, sorted alphabetically.

- Returns a list of the time ranges in which the search results were found.
- Loads events or results of a previously completed search job.
- Performs k-means clustering on selected fields.
- anomalies, anomalousvalue, cluster, outlier
- Extracts values from search results, using a form template.
- SQL-like joining of results from the main results pipeline with the results from the subpipeline.
- Loads search results from the specified CSV file.
- Extracts location information from IP addresses.
- Returns a history of searches formatted as an events list or as a table.
- Adds sources to Splunk or disables sources from being processed by Splunk.
- Returns the first number n of specified results.
- Causes Splunk Web to highlight specified terms.
- Generates statistics which are clustered into geographical bins to be rendered on a world map.
- Transforms results into a format suitable for display by the Gauge chart types.
- Retrieves data from a dataset, such as a data model dataset, a CSV lookup, a KV Store lookup, a saved search, or a table dataset.
- Takes the results of a subsearch and formats them into a single result.
- Runs a templatized streaming subsearch for each field in a wildcarded field list.
- Generates a list of suggested event types.
- Replaces null values with a specified value.
- Replaces NULL values with the last non-NULL value.
- Generates summary information for all or a subset of the fields.
- Returns the number of events in an index.
- Adds summary statistics to all search results.
- Extracts field-value pairs from search results.
- Expresses how to render a field at output time without changing the underlying value.
- See Functions for eval and where in the Splunk Enterprise Search Reference.
- Returns the difference between two search results.
- Allows you to specify example or counter-example values to automatically extract fields that have similar values.
- extract, kvform, multikv, regex, rex, xmlkv
- Calculates an expression and puts the value into a field.
- Removes subsequent results that match specified criteria.
- Computes the difference in field value between nearby results.
- accum, autoregress, trendline, streamstats
- Returns information about the specified index.
- Uses a duration field to find the number of "concurrent" events for each event.
- Builds a contingency table for two fields.
- Converts field values into numerical values.
- Calculates the correlation between different fields.
- See Functions for stats, chart, and timechart in the Splunk Enterprise Search Reference.
- anomalies, anomalousvalue, cluster, kmeans, outlier
- Returns results in a tabular output for charting.
- Replaces a field value with a higher-level grouping, such as replacing filenames with directories.
- Puts continuous numerical values into discrete sets.
- Sets up data for calculating the moving average.
- accum, autoregress, delta, trendline, streamstats
- Returns audit trail information that is stored in the local audit index.
- Keeps a running total of the specified numeric field.
- autoregress, delta, trendline, streamstats
- Computes an event that contains the sum of all numeric fields for previous events.
- Adds fields that contain common information about the current search.
- Computes the sum of all numeric fields for each result.
- Analyzes numerical fields for their ability to predict another discrete field.
- Computes an "unexpectedness" score for an event.
- Finds and summarizes irregular, or uncommon, search results.
- analyzefields, anomalies, cluster, kmeans, outlier
- Appends subsearch results to current results.
- Appends the fields of the subsearch results to current results, first result to first result, second to second, and so on.
- Appends the result of the subpipeline applied to the current result set to results.
- Finds association rules between field values.
- Produces a summary of each search result.