About the search language
The Splunk Search Processing Language (SPL) encompasses all the search commands and their functions, arguments and clauses. Search commands tell Splunk software what to do to the events you retrieved from the indexes. For example, you need to use a command to filter unwanted information, extract more information, evaluate new fields, calculate statistics, reorder your results, or create a chart.
Some search commands have functions and arguments associated with them. Use these functions and their arguments to specify how the commands act on your results and which fields they act on. For example, you can use functions to format the data in a chart, describe what kind of statistics to calculate, and specify what fields to evaluate. Some commands also use clauses to specify how to group your search results.
To get familiar with SPL, read these topics in this manual:
For more details on SPL syntax, see Understanding SPL syntax, in the Search Reference.
For information about functions, see
- Evaluation functions in the Search Reference
- Statistical and charting functions in the Search Reference
Navigating Splunk Web | Types of searches |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2203, 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2205, 9.0.2208, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!