New search commands

New search commands

Some of these commands lack full examples. This is because they aren't fully implemented or are still in a beta state. Feel free to try any of these commands, and comment on the documentation to point something out that you'd like to see added or improved.

Conventions used in this reference

Syntax conventions

command argument ... [argument] ...

• Commands are in bold.
• Any bolded (and not italicized) character in the command syntax is a required term for the expression.
• Required arguments are italicized (and can be bold).
• Optional arguments are in [brackets].
• " ... " means that many arguments can be inserted.
• Arguments are defined in a table.

argument=

syntax and value(default value)

Description, and usage.

• Default values are shown in parentheses ( ).
• Arguments that have a table of options associated with them are italicized and in bold (argument).
• " | " is used as a logical OR.
• T | F = True OR False.

Other conventions

• Command examples that are applicable to SplunkWeb are shown in a mock-up of a search bar.

• Command examples that are applicable to the Splunk command line (CLI) are shown in indented fixed-width font.

extract

Note: This is not a new command, this is an updated reference for the existing command. extract has new arguments (kvdelim and pairdelim), to expand its functionality.

iplocation

This data-processing command searches for IP addresses in the raw event data. The processor then looks up the IP location using the "hostip.info" database. It will extract and output the IP addresses with associated city/country based on the database's information.

Syntax

iplocation [max-inputs]

Arguments

max-inputs=

maxinputs=integer

Set the maximum number of events that iplocation will process.

Examples

• Searches for 404 errors on the host webserver1. Then takes the first 20 results found, and determines if IP addresses are found, and outputs the IP addresses with location data for each result.

• Was this topic useful?
• Post a comment