splunk search



  •     Splunk searches can retrieve events or generate reports.
        Complex searches are constructed by stringing commands together
        with a pipe "|" operator. For more information about search and
        search syntax, see our online documentation at:
        
    http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/AboutCLIsearches
    
        Syntax:
    
            search [object][-parameter <value>]
    
        Note: Parameters that take Boolean values support {0, false, f, no} as
              negatives and {1, true, t, yes} positives.
    
        Objects:
    
            Search objects are enclosed in single quotes (' ') and can be keywords,
            expressions, or a series of search commands.
    
        Optional Parameters:
    
            app          appname specify an app context to run the search
    
            batch        true    indicates how to handle updates in preview mode.
                                 Defaults to false.
    
            detach       true    triggers an asynchronous search and displays
                                 the job id and ttl for the search.
    
            header       false   indicates whether to display a header in the table
                                 output mode.
    
            max_time     number  the length of time in seconds that a search job
                                 runs before it is finalized. Defaults to 0, which
                                 means no time limit.
    
            maxout       number  the maximum number of events to return or send to
                                 stdout (when exporting events). Setting this to 0
                                 means it will output an unlimited number of events.
                                 The max allowable value is 50k. Defaults to 100.
    
            output       value   indicates how to display the job. Choices are:
                                 rawdata, table, csv, raw, and auto. If not specified,
                                 defaults to rawdata for non-transforming searches
                                 and table for transforming searches.
    
            preview      false   indicates that reporting searches should be
                                 previewed. Defaults to true.
    
            timeout      number  the length of time in seconds that a search job
                                 is allowed to live after running. Defaults to 0,
                                 which means the job is cancelled immediately after
                                 it is run.
    
            wrap         false   indicates whether to line wrap for individual lines
                                 that are longer than the terminal width. Defaults
                                 to true.
    
        See what search language is available for use in the CLI by using these
        help commands:
    
             search-fields       a full list of search fields
             search-modifiers    a full list of search modifiers
             search-commands     a full list of usable search commands
    
          Examples:
    
            ./splunk search '*' -detach true
    
            ./splunk search 'eventtype=webaccess error' -wrap 0
    
            ./splunk search 'eventtype=webaccess error' -detach true
    
                    
    Syntax:
    
    	None
    
    Objects:
    
    	None
    
    Required Parameters:
    
    	None
    
    Optional Parameters:
    
    	None
    
    Examples:
    
    	None
    
    Type "help [command]" to get help with parameters for a specific command.
    
    Complete documentation is available online at: 
    http://docs.splunk.com/Documentation
    
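The help text above fixes a few rules a script calling the CLI has to honour: Booleans are spelled {0,false,f,no} or {1,true,t,yes}, maxout is capped at 50k, and a search passed from a script is a single argument. The following wrapper is an added example, not part of the post or of Splunk's own tooling; it checks those rules before building a finalised CSV export command. SPLUNK_BIN is an assumed variable pointing at the CLI.

```shell
#!/bin/sh
# Added example: validate `splunk search` parameters per the help text, then
# build the export command. SPLUNK_BIN is an assumption (path to the CLI).
SPLUNK_BIN="${SPLUNK_BIN:-./splunk}"

# Map the accepted Boolean spellings to canonical 0/1; anything else fails.
norm_bool() {
  case "$1" in
    0|false|f|no) echo 0 ;;
    1|true|t|yes) echo 1 ;;
    *) echo "bad boolean: '$1'" >&2; return 1 ;;
  esac
}

# maxout must be a non-negative integer no larger than 50000 (0 = unlimited).
check_maxout() {
  case "$1" in
    ''|*[!0-9]*) echo "maxout must be an integer: '$1'" >&2; return 1 ;;
  esac
  [ "$1" -le 50000 ] || { echo "maxout above 50k: $1" >&2; return 1; }
}

# Print the command line for a CSV export with preview disabled.
# Usage: build_export_cmd '<search>' <maxout> <header-bool> <wrap-bool>
# The search is wrapped in single quotes here because the string is meant
# to be pasted into a shell; run_export passes it as one argument instead.
build_export_cmd() {
  check_maxout "$2" || return 1
  header=$(norm_bool "$3") || return 1
  wrap=$(norm_bool "$4") || return 1
  printf "%s search '%s' -output csv -maxout %s -header %s -wrap %s -preview false\n" \
    "$SPLUNK_BIN" "$1" "$2" "$header" "$wrap"
}

# Run the export if the CLI exists; otherwise show the command (dry run).
# No eval: the search is handed to the CLI as a single argv entry, so quotes
# or pipes inside it cannot alter the shell command line.
run_export() {
  check_maxout "$2" || return 1
  header=$(norm_bool "$3") || return 1
  wrap=$(norm_bool "$4") || return 1
  if [ -x "$SPLUNK_BIN" ]; then
    "$SPLUNK_BIN" search "$1" -output csv -maxout "$2" \
      -header "$header" -wrap "$wrap" -preview false
  else
    echo "dry run: $(build_export_cmd "$@")"
  fi
}
```

Run it as `run_export 'eventtype=webaccess error' 500 true no > export.csv` once SPLUNK_BIN points at a real install.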


© Lightnetics 2024