sdselect command overview
Use the sdselect
command to run federated searches against Amazon S3 datasets that are referenced by AWS Glue Data Catalog tables.
Syntax
The required syntax is in bold.
- | sdselect
- [reuse_search_results=<bool>]
- ( <field-list> | <stats-func> | <eval-func>)...
- <from-clause>
- [WHERE <eval-expression>]
- [GROUPBY ((<field-list> | <eval-func>)... [span=[<unsigned_int>]<timescale>])]
- [ORDERBY (<field-list> | <eval-func>)...]
- [LIMIT <unsigned_int>]
See also
Federated Analytics and Splunk Enterprise Security | sdselect command syntax details |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.2.2406 (latest FedRAMP release), 9.3.2408
Feedback submitted, thanks!