What is SPL2?
The Search Processing Language (SPL) is a set of commands that you use to search your data. There are two versions of SPL: SPL and SPL, version 2 (SPL2).
SPL2 was developed to make the command syntax and options more consistent, and to provide users with the option to use a command that is similar to the SQL SELECT command.
In the Search and Chart Experience, you will use SPL2 to search your data and create visualizations.
SPL2 Documentation
There are two manuals that contain information about SPL2:
- SPL2 Search Reference
- Contains reference information about the SPL2 search commands, command syntax, data types, and functions.
- SPL2 Search Manual
- Contains information about how to use SPL2 commands effectively. You'll learn about modules and datasets, how to use expressions and predicates, even how to add comments to your search strings.
SPL2 Quick Reference information
Here are some direct links to useful information in the SPL2 documentation:
| Information | Link |
|---|---|
| Search syntax | Understanding SPL2 Syntax in the SPL2 Search Reference |
| Commands | SPL2 Command Quick Reference in the SPL2 Search Reference |
| Functions |
|
| Expressions | Expressions in the SPL2 Search Manual |
| Differences between SPL and SPL2 | Differences between SPL and SPL2 in the SPL2 Search Reference |
Links to the SPL2 documentation from the UI
On every page there is a Help icon ( ? ) with an option to access the SPL2 Search Reference.
On other pages, there are links to the documentation that are relevant to those pages.
See also
- Related information
- Search using point-and-click
- Search using SPL2
| New terms and concepts | Differences between SPL and SPL2 |
This documentation applies to the following versions of Splunk Cloud Platform™: search2preview
Download manual
Feedback submitted, thanks!