Splunk® Data Stream Processor

Function Reference

On April 3, 2023, Splunk Data Stream Processor will reach its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.

How to use the Function Reference

This manual serves as a reference guide for available functions. This manual contains function input and output, arguments, descriptions, and examples for usage.

Streaming function format

Each streaming function topic contains the following sections: Description, Function Input, Function Output, Syntax, UI Examples, and a DSL example.

Description
Describes what the function is used for. This section might include details about how to use the function.
Function Input
The function input is what the streaming data looks like before entering this function. For example, collection<record<R>> means that data enters this function as a collection of records with schema <R>. A collection is a list of records.
Function Output
The function output is what the streaming data looks like after entering this function. For example, collection<record<S>> means that data exits this function as a collection of records with schema <S>. A collection is a list of records.
Arguments
The arguments section includes the valid inputs, descriptions, and a UI example of what you can put in each function argument.
DSL Example
This section includes a DSL example which is a programmatic way to express each function.

Scalar function format

Each scalar function is categorized into categories depending on the function's usage. Each scalar function contains the following sections: Description, Function Input, Function Output, Syntax, and an example. Because scalar functions operate in the context of streaming functions, the scalar function examples may include a streaming function that its operating within.

Description
Describes what the function is used for. This section might include details about how to use the function.
Function Input
The function argument's data type, ex: number.
Function Output
The function output's data type, ex: string.
DSL Example
This section includes a DSL example of the function. Because scalar functions operate in the context of streaming functions, the scalar function examples may include a streaming function that its' operating within. For example, aggregate(windowed, average(get("time_taken")));: Because aggregation scalar functions are only valid within the Aggregate and the Aggregate and Trigger streaming functions, the DSL example of this function show's it being used within the aggregate function where windowed represents the stream of data entering the aggregate function.
Last modified on 02 January, 2020
Functions by category   Aggregate

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.0.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters