into command examples
The following are examples for using the SPL2 into command.
To learn more about the into command, see How the SPL2 into command works.
1. Append search results to a dataset
Append the search results to the mytable dataset, which is a lookup kind of dataset.
... | into mode=append mytable
2. Pipeline examples
These examples show how to use the into command in a pipeline.
Use a pipeline to send data to a destination
The following pipeline selects a subset of the data received by the Edge Processor or Ingest Processor and then sends the data to a destination, such as an index or Amazon S3 bucket. The $destination parameter refers to the destination dataset specified in the pipeline settings.
$pipeline = | from $source | into $destination
Mask sensitive information using a pipeline
The following pipeline replaces the credit card numbers in the _raw field with the word "<redacted>". The pipeline then sends the masked data to a destination.
$pipeline = | from $source | eval _raw=replace(_raw, /[1-5][0-9]{15}/i, "<redacted>") | into $destination
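An added example, not part of the Splunk documentation: a Python check that runs the masking pattern from the pipeline above over constructed sample events and reports which card-like values are still present afterwards. It assumes the pattern behaves the same in Python's re module as in the pipeline; mask, luhn_ok, leaked_cards, audit and SAMPLES are hypothetical names.

```python
import re

# Pattern from the pipeline above. The /i flag is dropped: it has no effect on digits.
PAGE_PATTERN = re.compile(r"[1-5][0-9]{15}")
# Card-like candidates: 13-19 digits, optionally separated by single spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def mask(raw):
    # Same substitution the pipeline's replace() call performs on _raw.
    return PAGE_PATTERN.sub("<redacted>", raw)

def luhn_ok(digits):
    """Luhn checksum, which valid payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def leaked_cards(masked):
    """Return Luhn-valid card-like numbers still present after masking."""
    found = []
    for m in CANDIDATE.finditer(masked):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found

# Constructed sample events using publicly documented test card numbers.
SAMPLES = [
    "pay card=4111111111111111 ok",      # 16 contiguous digits: masked
    "pay card=4111-1111-1111-1111 ok",   # dash-separated: not matched
    "pay card=378282246310005 ok",       # 15-digit number: not matched
    "pay card=6011111111111117 ok",      # leading 6: not matched
    "order_id=10000000000000001234 ok",  # 20-digit ID: first 16 digits masked
]

def audit(samples):
    """Pair each masked event with any card numbers the pattern missed."""
    return [(mask(s), leaked_cards(mask(s))) for s in samples]

if __name__ == "__main__":
    for masked, leaked in audit(SAMPLES):
        print(masked, "-> still exposed:", leaked)
```

The second, third and fourth events pass through unmasked, and the order ID in the last event is partly overwritten, so run representative events through a check like this before relying on the pattern.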
Send pipeline data to separate destinations
The following example uses the branch command to make 2 complete copies of the incoming data and send the data into different destinations.
- For the first copy, the data is sent to an existing index named buttercup in a cisco_syslog destination.
- For the second copy, the IP addresses are obscured by using the hashing function, sha256, and then the data is sent to an Amazon S3 destination.
$pipeline = | from $source | branch [ | eval index="buttercup" | into $cisco_syslog_destination], [ | eval ip_address = sha256(ip_address) | into $aws_s3_destination]
See also
- Pipelines
- Edge Processor pipeline syntax in the Use Edge Processors manual
- Ingest Processor pipeline syntax in the Use Ingest Processors manual
This documentation applies to the following versions of Splunk® Cloud Services: current