Search command questions
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Contents
Search command questions
This topic tries to help you find the search commands you can use to accomplish your tasks, whether it's building a specific report or reformatting your search results. So, what do you want to do?
I'm building a statistical report and i want to...
The chart, timechart, and stats search commands are all designed to work with statistical operators, such as count(), min(), max(), etc. For the complete list of operators, refer to Functions for stats, chart, and timechart in the Search reference manual.
| Create a chart that displays trends over time. | timechart |
| Create a chart that displays any series of data. | chart |
| Display the most and least common values of fields. | top, rare |
| Display summary statistics of field values. | stats |
I want to manipulate my search results to...
| Remove duplicates of results based on a field value. | dedup |
| Reorder the search results. | reverse, sort |
| Keep search results that match this regular expression. | regex |
| Create new events for each value of a multi-value field. | mvexpand |
I can't find exactly what I want, so now what?
Splunk provides many search commands, but it also lets you customize or create your own search commands. After you create a new command, you can also integrate information about it into Splunk's search assistant. Read more about writing custom search commands in the Search Reference manual.
This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.