Splunk® Data Stream Processor

Function Reference

How to use the Function Reference

This manual serves as a reference guide for available functions. This manual contains function input and output, arguments, descriptions, and examples for usage.

Streaming function format

Each streaming function topic contains the following sections: Description, Function Input/Output, Syntax, Required arguments, Optional arguments, and an SPL2 example.

Description
Describes what the function is used for. This section might include details about how to use the function. For more complex functions, there might be a separate Usage section.
Function Input/Output Schema
The function input is what the streaming data looks like before entering this function. For example, collection<record<R>> means that data enters this function as a collection of records with schema <R>. A collection is a list of records.
The function output is what the streaming data looks like after it leaves this function. For example, collection<record<S>> means that data exits this function as a collection of records with schema <S>. A collection is a list of records.
Syntax
Contains the required and optional arguments for the function. Required arguments are shown in bold and angle brackets. Optional arguments are enclosed in square brackets [ ]. Some functions have arguments that take a set of options that you can specify. Each of these sets of options follows the argument descriptions.
Required arguments
Displays the syntax and describes the required arguments.
Optional arguments
Displays the syntax and describes the optional arguments. Default values, if applicable, are also listed.
Usage
Contains additional information about using the function.
SPL2 Example
This section includes examples of how to use the function.

Scalar function format

Scalar functions are grouped into categories depending on the function's usage. Each scalar function topic contains the following sections: Description, Function Input, Function Output, Syntax, and an SPL2 example. Because scalar functions operate in the context of streaming functions, the scalar function examples may include the streaming function that the scalar function is operating within.

Description
Describes what the function is used for. This section might include details about how to use the function.
Function Input
The function argument's data type, for example: number.
Function Output
The function output's data type, for example: string.
SPL2 Example
This section includes examples of how to use the function. Because scalar functions operate in the context of streaming functions, the scalar function examples may include the streaming function that the scalar function is operating within. For example, aggregate(windowed, average(get("time_taken")));: Because aggregation scalar functions are only valid within the stats and the Aggregate and Trigger streaming functions, the example for this function shows it being used within the aggregate function, where windowed represents the stream of data entering the aggregate function.
Last modified on 28 July, 2020

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.1.0, 1.2.0

