Splunk Search Commands – Flashcards
question
abstract
answer
provides context lines or terms to results
question
accum
answer
create a running total for a numeric field
question
addcoltotals
answer
creates a new event with totals of numeric fields
question
addinfo
answer
adds info fields to the results
question
addtotals
answer
creates a field with the sum of the numeric fields
question
analyzefields
answer
create fields that measure concurrency of numeric fields to specified field
question
anomalies
answer
find anomalous data based on specified criteria
question
anomalousvalue
answer
Finds and summarizes anomalies
question
append
answer
Appends the results of a subsearch to the result set
question
appendcols
answer
Add the fields of a subsearch to those of the main search in order
question
appendpipe
answer
Integrate results of a subsearch into the main search
question
associate
answer
Identifies correlations between fields
question
audit
answer
Return audit information with result set. Also validate signatures if applied.
question
autoregress
answer
Sets up data for calculating a moving average
question
bucket
answer
Puts continuous numerical values into discrete sets
question
bucketdir
answer
Replaces a field value with higher-level grouping
question
chart
answer
creates tabular output for charting
question
cluster
answer
Cluster similar events together
question
collect
answer
Puts search results into a summary index
question
concurrency
answer
Based on a duration field, count the events starting within that duration of each event.
question
contingency
answer
Builds a contingency table for two fields
question
convert
answer
Transforms fields into numeric values
question
correlate
answer
Calculates the correlation matrix for all the fields
question
crawl
answer
Crawls the filesystem for files of interest to Splunk
question
dbinspect
answer
return information about the specified index
question
dedup
answer
remove subsequent results with criteria matching earlier results
question
delete
answer
erase events from Splunk (permanently hide them)
question
delta
answer
compute the difference between the values of fields in nearby results
question
diff
answer
returns the difference between two fields in the search result
question
erex
answer
look for patterns in the results based on examples and counter examples
question
eval
answer
perform a calculation and put result into a field
question
eventstats
answer
create summary statistics and add the fields to every search result
question
extract
answer
force key value pair extraction on results
question
fieldformat
answer
specify how to render field at time of output
question
fields
answer
adds or removes fields from search results
question
filldown
answer
replace NULL values with previous non-NULL value
question
fillnull
answer
replace NULL values with specified value
question
format
answer
take all the rows from a search and convert them into a single string result
question
gauge
answer
transform results into a form suitable for the gauge chart type
question
gentimes
answer
generate time-range results
question
head
answer
return the first n rows in the result
question
highlight
answer
causes SplunkWeb to highlight specified fields
question
history
answer
return a history of searches formatted as an events list or as a table
question
iconify
answer
causes Splunk to create a unique icon for each value of the fields listed
question
input
answer
adds or disables sources for Splunk to process
question
inputcsv
answer
loads search results from specified CSV file
question
inputlookup
answer
loads search results from specified static lookup file
question
iplocation
answer
extract location information from IP address
question
join
answer
SQL-like joining of results from prior search
question
kmeans
answer
perform k-means clustering of selected fields
question
kvform
answer
extract values from search results using a form template
question
loadjob
answer
load search results from a previous run of a saved search
question
localize
answer
returns a list of time ranges in which the search results were found
question
lookup
answer
invokes field-value lookups from specified lookup file or process
question
makecontinuous
answer
make a field continuous as used by chart and timechart
question
makemv
answer
make a multivalued field from another field
question
map
answer
performs a new search for each search result
question
mappy
answer
performs a calculation using a Python expression and includes the results in a new field
question
metadata
answer
returns host, sourcetype or source statistics for a specified index or search peer
question
metasearch
answer
retrieves event metadata from indexes based on terms in the logical expression
question
multikv
answer
extract key value pairs from table-formatted results
question
mvcombine
answer
combines events with a single differing field into one result with multiple values in a single field
question
mvexpand
answer
expands the values in a multivalued field into separate results
question
nomv
answer
converts multi-valued field into a single-valued field at search time.
question
outlier
answer
removes outlying numerical values
question
outputcsv
answer
output results as a CSV file
question
outputlookup
answer
outputs results to the specified lookup table
question
outputtext
answer
output _raw field of the results into the _xml field
question
overlap
answer
find events in a summary index that overlap in time or finds gaps that a scheduled search may have missed
question
rangemap
answer
provide descriptive names to numeric ranges
question
rare
answer
find the least common values of a field
question
reducepy
answer
experimental function providing access to Python's reduce function
question
regex
answer
filters results based on matching or not matching a regular expression
question
relevancy
answer
compute a relevancy coefficient for each result based on frequent occurrence of rare matching terms
question
reltime
answer
computes (now - _time) and presents it in a human-readable format like "20 minutes ago"
question
rename
answer
changes the name of a specified field. Wildcards allow multiple fields to have name changes
question
replace
answer
overwrite matching values with new ones in one field or all fields
question
reverse
answer
reverses the order of the results
question
rex
answer
extract new fields from an existing field with a Python regular expression
question
rtorder
answer
buffer real-time search results and sort by _time to the extent possible
question
run
answer
alias for script command beginning with 'r'
question
savedsearch
answer
runs a saved search with optional macro replacements
question
script
answer
executes an external script in /etc/searchscripts
question
scrub
answer
anonymizes search results
question
search
answer
the implicit command beginning all searches. If needed after a pipe, then the command must be entered.
question
searchtxn
answer
using named transaction from transactiontypes.conf, find transaction events within search constraints
question
selfjoin
answer
perform join of results with self
question
sendemail
answer
send results to specified email
question
set
answer
perform union, intersection or diff on results of two subsearches. Acts on all fields.
question
setfields
answer
sets fields to constant string values. Eval is more general purpose.
question
sichart
answer
summary version of chart command
question
sirare
answer
summary version of rare command
question
sistats
answer
summary version of stats command
question
sitimechart
answer
summary version of timechart command
question
sitop
answer
summary version of top command
question
sort
answer
sort result set based on certain fields
question
spath
answer
use a path to locate values in structured data formats like XML or JSON
question
stats
answer
groups results by specified fields and includes specified statistics. Similar to group by query in SQL
question
strcat
answer
concatenates string values into destination field
question
streamstats
answer
produces specified statistics like the stats command, but appends new fields to all corresponding results
question
table
answer
creates a table of the specified fields
question
tags
answer
annotates specified fields of search result with tags
question
tail
answer
returns the last n result entries
question
timechart
answer
creates a time series chart and corresponding table of statistics
question
top
answer
returns the most common values of a field
question
transaction
answer
groups search results into concatenated results based on specified keys to form transactions
question
transpose
answer
swaps rows for columns in result set
question
trendline
answer
computes moving averages of fields
question
typeahead
answer
returns type ahead information for a specified prefix
question
typelearner
answer
get Splunk to guess the event types in result set
question
typer
answer
Calculate eventtype field for search result of a known event-type
question
uniq
answer
remove duplicate search results that occur in sequence
question
untable
answer
converts tabular results into a format similar to stats output
question
where
answer
performs filtering on result set using functions found in the eval command
question
xmlkv
answer
returns key value pairs from xml data
question
xmlunescape
answer
converts escaped xml values back to their original values (for &, )
question
xpath
answer
creates flat field names from specified fields embedded in xml paths
question
xyseries
answer
converts results to a format used for graphing