branch command syntax details
The required syntax is in bold.
- [<SPL-literal> | into <dataset> ],
- [<SPL-literal> | into <dataset> ] ...
Each branch is enclosed in square brackets and separated by commas.
- Syntax: <SPL-literal>
- Description: A snippet of fully-formed SPL that is complete enough to be run as a separate search.
- Syntax: <dataset-name>
- Description: The name of a lookup or splv1sink dataset. This can be a new dataset or an existing dataset. By default the
intocommand appends the search results to the dataset. To replace the data in the dataset with the data from the search, you must use the
mode=replaceargument with the
intocommand. The mode only applies to lookups. The mode is not used with datasets where the kind of dataset is spl1sink.
- Related information
- Dataset kinds in the SPL2 Search Manual
branch command overview
branch command usage
This documentation applies to the following versions of Splunk® Cloud Services: current