Splunk® Cloud Services

SPL2 Search Reference

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

thru command examples

The following are examples for using the SPL2 thru command. To learn more about the thru command, see How the thru command works.

1. Append all of the search results to a dataset

This example appends all the incoming search result set to the actions dataset. Those same search results are also passed into the eval command.

... | thru actions | eval field=<expression>

2. Replace all of the search results in a dataset

In this example, all of the existing data in the customers dataset is replaced by the incoming search result set. Those same search results are passed into the eval command.

... | thru mode=replace customers | eval field=<expression>

See also

thru command
thru command overview
thru command syntax details
thru command usage
Last modified on 29 April, 2020
PREVIOUS
thru command usage 		  NEXT
timechart command overview

This documentation applies to the following versions of Splunk® Cloud Services: current

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters