Module 8: SPL Fundamentals Flashcards
Splunk Search Language: Commands
Tells Splunk what to do with the search results (charts, stats, formatting).
Splunk Search Language: Functions
Explain how a command is executed (sum, average, etc.).
Arguments
Variables to apply to functions
Clauses
How to group or define results
| (pipe)
Tells Splunk to pass the results to the next search component.
Boolean color code
Orange
Commands color code
Blue
Argument color code
Green
Functions color code
Purple
Search commands execute in which direction
Left to right; the results narrow as they go.
Fields command
Includes or excludes specific fields from the search results.
Table command
Returns a table with fields in the argument list
Rename command
Assigns a friendly name to a field in the tabular view.
Affects the rest of the search if used early.
Dedup command
Removes duplicate events that share common field values.
sort + vs sort - in numeric searches
sort + sorts in ascending order (1 to 100).
sort - sorts in descending order (100 to 1).