Documentation > Splunk > Search Reference > Popular search commands

Search Reference

 


Welcome
Search Overview
Search Commands
Custom Search Commands

Popular search commands

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Popular search commands

The following tables lists the more frequently used Splunk search commands. Some of these commands share functions -- you can see a list of these functions with descriptions and examples on the following pages: Functions for eval and where and Functions for stats, chart, and timechart.

Command Alias(es) Description See also
bucket bin, discretize Puts continuous numerical values into discrete sets. chart, timechart
chart Returns results in a tabular output for charting. See also, Functions for stats, chart, and timechart. bucket, sichart, timechart
dedup Removes subsequent results that match a specified criteria. uniq
eval Calculates an expression and puts the value into a field. See also, Functions for eval and where. where
extract kv Extracts field-value pairs from search results. kvform, multikv, xmlkv, rex
fields Removes fields from search results.
head Returns the first number n of specified results. reverse, tail
lookup Explicitly invokes field value lookups.
multikv Extracts field-values from table-formatted events.
rangemap Sets RANGE field to the name of the ranges that match.
rare Displays the least common values of a field. sirare, stats, top
rename Renames a specified field; wildcards can be used to specify multiple fields.
replace Replaces values of specified fields with a specified new value.
rex Specify a Perl regular expression named groups to extract fields while you search. extract, kvform, multikv, xmlkv, regex
search Searches Splunk indexes for matching events.
sort Sorts search results by the specified fields. reverse
stats Provides statistics, grouped optionally by fields. See also, Functions for stats, chart, and timechart. eventstats, top, rare
tail Returns the last number n of specified results. head, reverse
timechart Create a time series chart and corresponding table of statistics. See also, Functions for stats, chart, and timechart. chart, bucket
top common Displays the most common values of a field. rare, stats
transaction transam Groups search results into transactions.
where Performs arbitrary filtering on your data. See also, Functions for eval and where. eval
xmlkv Extracts XML key-value pairs. extract, kvform, multikv, rex
Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0/SearchReference/ListOfPopularSearchCommands"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.