Splunk® Enterprise

Search Manual

Acrobat logo Download manual as PDF


Splunk Enterprise version 6.x is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Acrobat logo Download topic as PDF

About writing custom search commands

This documentation has moved and been updated. See Create custom search commands for apps in Splunk Cloud or Splunk Enterprise in the Developer Guide on the Developer Portal.

The Splunk Search Processing Language (SPL) includes a wide variety of commands that you can use to get what you want out of your data and to display the results. You can use commands to correlate events and calculate statistics on your results, evaluate fields and reorder results, reformat and enrich your data, build charts, and more.

You can also expand the Splunk SPL to customize these commands to better meet your needs, or to write your own search commands for custom processing or calculations.

Use the Splunk SDK for Python, which includes several templates, to build custom search commands. See How to create custom search commands on the Splunk Dev Portal.

Last modified on 15 September, 2020
PREVIOUS
Export search results 		  NEXT
What's in this section?

This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters