Splunk Cloud Platform

Federated Search

sdselect command overview

Use the sdselect command to run federated searches against Amazon S3 datasets that are referenced by AWS Glue Data Catalog tables.

Syntax

The required syntax is in bold.

| sdselect
( <field-list> | <stats-func>)...
<from-clause>
[WHERE <eval-expression>]
[GROUPBY (<field-list> [span=[<unsigned_int>]<timescale>])]
[ORDERBY <field-list>]
[LIMIT <unsigned_int>]


See also

sdselect command
sdselect command syntax details
sdselect command usage
sdselect command WHERE clause operations
Use time fields in sdselect searches
sdselect command examples for Amazon S3
Last modified on 06 March, 2024

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2305, 9.1.2308 (latest FedRAMP release), 9.1.2312

