The nomenclature used for the data types in SPL syntax are described in the following table. Additionally, for Optional arguments, there might be a Default. For each argument, there is a Syntax and Description. In the descriptions of the arguments, the Required arguments and Optional argument sections, theĪrguments are listed alphabetically. In the command syntax, the command arguments are presented in the order in which the arguments are meant to be used. | chart eval(avg(size)/max(delay)) AS ratio BY host user Argument order In the following search example, the is avg(size)/max(delay) and is enclosed in parenthesis. This means that you must enclose the in parenthesis in your search. There are quotation marks on the parenthesis surrounding the. The most common quoted elements are parenthesis.Ĭonsider the syntax for the chart command: If an element is in quotation marks, you must include that element in your search. However, for readability, the syntax in the Splunk documentation uses uppercase on all keywords. You can specify these keywords in uppercase or lowercase in your search. Many commands use keywords with some of the arguments or options. This is a required set of arguments that you can repeat multiple times. Parenthesis ( ) are used to group arguments. Sometimes the syntax must display arguments as a group to show that the set of arguments are used together. In the following syntax, you can repeat the. In this example, the syntax that is inside the parenthesis can be repeated. Notice the ellipsis at the end of the syntax, just after the close parenthesis. The required argument is, with an option to specify a field with the clause.
The ellipsis always appear immediately after the part of the syntax that you can repeat.
to specify which part of an argument can be repeated. Some arguments can be specified multiple times. The argument is an abbreviation for and indicates that the argument accepts a wildcard character in the string that you provide. To use this command, at a minimum you must specify bin. Optional arguments are enclosed in square brackets.Required arguments are shown in angle brackets.SPL commands consist of required and optional arguments. For additional information about using keywords, phrases, wildcards, and regular expressions, see Search command primer. The following sections describe the syntax used for the Splunk SPL commands.
0 kommentar(er)
