Exporting module items using SPL2
You can share searches, custom functions, and custom data types with other users by exporting those items from an SPL2 module. To export an item you use an export statement.
When you export an item that was created in an SPL2 module, such as a search or function, you are taking a private item and making the item public. To use the exported item in another module, you must import the item into that module.
In addition to exporting items that are created inside an SPL2 module, you can also export items that have been imported into an module, such as a dataset.
Exporting search statements
When you export a search statement, the search is exported as a view.
A view is a reusable, named piece of SPL2. A view is a type of dataset that is like a saved search. When you export a search, you are not saving the search results as a dataset. You are saving the search that generates the dataset as a view. To learn more about views, see SPL2 Views.
Export statement syntax
The export statement syntax depends on whether you are exporting one or multiple items, and how you want to format the export statement
The export statement syntax is:
export <item_name> | { <item_name>, <item_name>, ...}
When specifying multiple items, you must enclose them in curly brackets { } and separate each item with a comma ( , ).
Export a search
In the module where the search resides, export the search by issuing an export statement.
Consider the following search:
$purchases = from main where status=200 AND action="purchase"
The following export statement shows how to export this search as a view:
export $purchases
This export statement is shorthand for specifying an alias:
export $purchases AS purchase
The dollar sign ( $ ) in front of the search name is not included in the view name.
In the following image, the purchases namespace contains two modules, Quarterly Purchases and annual_purchases. The Quarterly Purchases module contains a search statement called $purchases, and a function statement called isError. The $purchase search statement has been exported as a view called purchases. The isError function statement has also been exported.
Export multiple searches
To export multiple searches, enclose the list of searches in curly brackets { }.
For example:
export {$qtr1, $qtr2, $qtr3, $qtr4}
Alternatively, you can issue multiple export statements, for example:
export $qtr1 export $qtr2 export $qtr3 export $qtr4
Export and rename a search
To rename a search when you export it, use an AS clause.
When you export a search, you do not include the dollar symbol ( $ ) in the alias name.
For example:
export $transactions AS QTR1_transactions
The search is exported as a view dataset. You can specify the AS keyword in uppercase or lowercase in your statement. For readability, uppercase is used in this example.
Exporting functions
You can share custom functions with other users by exporting those functions.
Export a function
In the module where the function resides, you export the function by issuing an export statement.
For example, suppose you have the following function:
function isError($code : number) : boolean {
return $code >= 400
}
To export the isError function, you use this export statement:
export isError
Export and rename a function
To rename a custom function when you export it, use the AS clause.
The following example shows how to export the isError function using the name HTTP_Errors:
export isError AS HTTP_Errors
You can specify the AS keyword in uppercase or lowercase in your statement. For readability, uppercase is used in this example.
Exporting data types
You can export custom data types to share those data types with other users and groups.
Export a data type
In the module where the data type resides, export the data type by issuing an export statement.
For example, suppose you have the following data type:
type person = {
firstname:string,
surname:string
}
To export the person data type, the export statement is:
export person
Export and rename a data type
To rename a custom data type when you export it, use the AS clause.
The following example shows how to export the person data type using the name fullname:
export person AS fullname
You can specify the AS keyword in uppercase or lowercase in your statement. For readability, uppercase is used in this example.
Export statement shortcuts
You can combine a function statement inline with an export statement.
When you combine these statements, the function statements are valid in the current module. The items that are exported become public items, which can be imported and used in other modules.
Shortcut for combining functions and export statements
Consider the following function that looks for HTTP error codes that are greater than or equal to 400:
function isError($code : number) : boolean {
return $code >= 400
}
To export this function, you can use the following the statement:
export isError
The following shortcut combines these statements:
export function isError($code : number) : boolean {
return $code >= 400
}
You can use the isError function in the current module, as well as export the function to share the function with other users and groups.
See also
- Related information
- Importing items using SPL2
- Related reference
- Custom eval functions
- Custom command functions
- Custom data types
| Extend and branch SPL2 search statements | Importing module items and datasets using SPL2 |
This documentation applies to the following versions of Splunk® Cloud Services: current
Download manual
Feedback submitted, thanks!