Produces a summary of each search result. |
Adds fields that contain common information about the current search. |
Computes the sum of all numeric fields for each result. |
Computes an "unexpectedness" score for an event. |
Finds and summarizes irregular |
Appends subsearch results to the current results. |
Appends the fields of the subsearch results to the current results. |
Finds association rules between field values. |
Identifies correlations between fields. |
Returns audit trail information that is stored in the local audit index. |
Sets up data for calculating the moving average. |
Analyzes numerical fields for their ability to predict another discrete field. |
Keeps a running total of a specified numeric field. |
Computes the difference in field value between nearby results. |
Puts continuous numerical values into discrete sets. |
Returns results in a tabular output for charting. |
Finds how many times field1 and field2 values occurred together. |
Builds a contingency table for two fields. |
Converts field values into numerical values. |
Crawls the filesystem for files of interest to Splunk. |
Adds the RSS item into the specified RSS feed. |
Allows the user to examine data models and run the search for a data model object. |
Removes the subsequent results that match specified criteria. |
Returns the difference between two search results. |
Automatically extracts field values similar to the example values. |
Calculates an expression and puts the resulting value into a field. |
Extracts values from search results. |
Extracts field-value pairs from search results. |
Keeps or removes fields from search results. |
Generates summary information for all or a subset of the fields. |
Replaces null values with the last non-null value. |
Replaces null values with a specified value. |
Replaces "attr" with a higher-level grouping. |
Replaces PATHFIELD with a higher-level grouping. |
Runs a templatized streaming subsearch for each field in a wildcarded field list. |
Takes the results of a subsearch and formats them into a single result. |
Transforms results into a format suitable for display by the gauge chart types. |
Generates time range results. |
Generates statistics that are clustered into geographical bins to be rendered on a world map. |
Returns the first n specified results. |
Returns the last n specified results. |
Returns information about the Splunk index. |
Adds or disables sources from being processed by Splunk. |
Loads search results from the specified CSV file. |
Loads search results from a specified static lookup table. |
SQL-like joining of results from the main results pipeline with the results from the subpipeline. |
Joins results with itself. |
Performs k-means clustering on selected fields. |
Returns a list of time ranges in which the search results were found. |
Prevents subsequent commands from being executed on remote peers. |
Loads events or results of a previously completed search job. |
Explicitly invokes field value lookups. |
Looping operator. |
Extracts field values from table-formatted events. |
Runs multiple searches at the same time. |
Combines events in the search results that have a single differing field value into one result with a multi-value field of the differing field. |
Expands the values of a multi-value field into separate events for each value of the multi-value field. |
Changes a specified field into a multi-value field during a search. |
Changes a specified multi-value field into a single-value field at search time. |
Removes outlying numerical values. |
Executes a given search query and exports events to a set of chunk files on local disk. |
Outputs search results to the specified CSV file. |
Saves search results to a specified static lookup table. |
Outputs search results in a simple |
Outputs the raw text (_raw) of results into the _xml field. |
Finds events in a summary index that overlap in time or have missed events. |
Allows the user to run pivot searches against a particular data model object. |
Predicts future values of fields. |
Shows what events from a file will look like when indexed, without actually indexing the file. |
Displays the least common values of a field. |
Removes results that do not match the specified regular expression. |
Calculates how well the event matches the query. |
Renames a specified field (wildcards can be used to specify multiple fields). |
Replaces values of specified fields with a specified new value. |
Specifies Perl regular expression named groups to extract fields while you search. |
Buffers events from a real-time search to emit them in ascending time order when possible. |
The select command is deprecated. If you want to compute aggregate statistics |
Makes calls to external Perl or Python programs. |
Returns a random sampling of N search results. |
Returns the search results of a saved search. |
Emails search results to specified email addresses. |
Sets the field values for all results to a common value. |
Extracts values from structured data (XML or JSON) and stores them in a field or fields. |
Turns rows into columns. |
Filters out repeated adjacent results. |
Retrieves event metadata from indexes based on terms in the <logical-expression>. |
Filters results using keywords. |
Performs set operations on subsearches. |
Clusters similar events together. |
Produces a symbolic 'shape' attribute describing the shape of a numeric multivalued field. |
Sorts search results by the specified fields. |
Puts search results into a summary index. |
Adds summary statistics to all search results in a streaming manner. |
Adds summary statistics to all search results. |
Provides statistics |
Concatenates string values. |
Summary-indexing-friendly version of the stats command. |
Summary-indexing-friendly version of the top command. |
Summary-indexing-friendly version of the rare command. |
Summary-indexing-friendly version of the chart command. |
Summary-indexing-friendly version of the timechart command. |
Annotates specified fields in your search results with tags. |
Computes the moving averages of fields. |
Creates a time series chart with a corresponding table of statistics. |
Displays the most common values of a field. |
Writes the result table into *.tsidx files using the indexed fields format. |
Performs statistics on indexed fields in tsidx files. |
Groups events into transactions. |
Returns typeahead on a specified prefix. |
Generates suggested eventtypes. Deprecated: the preferred command is 'findtypes'. |
Calculates the eventtypes for the search results. |
Runs an eval expression to filter the results. The result of the expression must be Boolean. |
Causes the UI to highlight specified terms. |
Converts results into a format suitable for graphing. |
Extracts XML key-value pairs. |
Un-escapes XML characters. |
Extracts the xpath value from FIELD and sets the OUTFIELD attribute. |
Extracts location information from IP addresses using third-party databases. |
Processes the given file as if it were indexed. |
Sets the RANGE field to the name of the ranges that match. |
Returns statistics about the raw field. |
Sets the 'reltime' field to a human-readable value of the difference between 'now' and '_time'. |
Anonymizes the search results. |
Returns a list of source |
Performs a debug command. |
Performs a deletion from the index. |
Returns the number of events in an index. |
Generates suggested event types. |
Convenient way to return values up from a subsearch. |
Internal command used to execute scripted alerts. |
Finds transaction events given search constraints. |
Runs the search script. |
Removes seasonal fluctuations in fields. |