Splunk® Cloud Services

SPL2 Search Reference

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

branch command usage

You can use the first command in a branch to specify condition or filters for that branch, for example:

| from people | branch [where (age < 13 ) | stats count() BY firstname | into child_names], [where gender = "M" | stats count() BY firstname | into male_names], [where gender = "F" | stats count() BY firstname | into female_names], [stats count() BY firstname | into names]

This search loads all of the people into memory and then sends those events down 4 branches.

  • The first 3 branches use the where command to filter the events for people in particular groups (children, men and women) and then calculates the count using the stats command.
  • The last branch does not specify a filter before the stats command.

See also

branch command
branch command overview
branch command syntax details
branch command examples
Last modified on 20 October, 2020
PREVIOUS
branch command syntax details 		  NEXT
branch command examples

This documentation applies to the following versions of Splunk® Cloud Services: current

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters