Splunk® Cloud Services

SPL2 Search Reference

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Introduction

The Search Processing Language (SPL) is a set of commands that you use to search your data.

There are two versions of SPL: SPL and SPL, version 2 (SPL2). This manual describes SPL2. SPL2 is a product-agnostic language that supports both SPL and SQL syntax patterns.

If you are looking for information about using SPL:
For Splunk Cloud Platform, see Search Reference in the Splunk Cloud Platform documentation.
For Splunk Enterprise, see Search Reference in the Splunk Enterprise documentation.

Where SPL2 is used?

Several Splunk products use SPL2:

  • Splunk Edge Processor
  • Splunk Search Experience preview

Splunk Data Stream Processor (DSP) uses a set of custom functions, some of which are similar to SPL2 commands and functions. See DSP functions by category in the Splunk Data Stream Processor Function Reference.

Learning SPL2

SPL2 makes the search language easier to use, removes infrequently used commands, and improves the consistency of the command syntax.

There are two Splunk manuals that contain information about SPL2:

SPL2 Search Reference
The SPL2 Search Reference (this manual) contains reference information about the SPL2 search commands, command syntax, data types, and functions.
SPL2 Search Manual
The SPL2 Search Manual contains information about how to use SPL2 commands effectively. You'll learn how to get started searching, how to use expressions and predicates, even how to add comments to your search strings.

Useful links to SPL2 documentation

The following list contains links to SPL2 getting started and quick reference information:

Last modified on 17 May, 2023
  NEXT
Understanding SPL2 Syntax

This documentation applies to the following versions of Splunk® Cloud Services: current

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters