This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Extreme search commands
| Search command | Description |
|---|---|
| xsWhere | Used to match a concept within a specified context, and determine compatibility. | xsWhere AirTime IS minimal OR AirTime IS short |
| xsFindBestConcept | Used when evaluating a search count and comparing the count to a context. The closest match returns the term used by the concept. The key security indicators use this command. | xsFindBestConcept Height FROM MyHeight |
| xsUpdateDDContext | Used to update a data-defined context. A scheduled report that calls "xsUpdateDDContext" builds a context that represents a historical view. |xsUpdateDDContext in app=<app> name=<context> container=<container> scope=app |
| xsListContexts | Used to list all contexts in a container | xsListContexts in <container> |
| xsListConcepts | Used to list all concepts in a context | xsListConcepts from <context> in <container> |
| xsDisplayContext | Used to display the range of values in a context, including the terms used in the concept: | xsDisplayContext <context> IN <container> |
| xsDisplayConcept | Used to display the range of values used for a concept: | xsDisplayConcept <concept> from <context> in <container> | xsDisplayConcept <hedge> <concept> from <context> in <container> |
With the Extreme Search app installed, the full command reference is found in the user interface at http://<host>:8000/splunk-es/en-US/app/Splunk_SA_ExtremeSearch/command_reference.
Last modified on 16 October, 2019
| Extreme search example in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1
Download manual
Feedback submitted, thanks!