sdselect command overview
Use the sdselect command to run federated searches against Amazon S3 datasets that are referenced by AWS Glue Data Catalog tables.
Syntax
The required syntax is in bold.
- | sdselect
- [reuse_search_results=<bool>]
- ( <field-list> | <stats-func> | <eval-func>)...
- <from-clause>
- [WHERE <eval-expression>]
- [GROUPBY ((<field-list> | <eval-func>)... [span=[<unsigned_int>]<timescale>])]
- [ORDERBY (<field-list> | <eval-func>)...]
- [LIMIT <unsigned_int>]
See also
Give your users role-based access control of federated indexes | sdselect command syntax details
This documentation applies to the following versions of Splunk Cloud Platform™: 9.2.2406 (latest FedRAMP release), 9.3.2408