splunk search
Splunk searches can retrieve events or generate reports. Complex searches are constructed by stringing commands together with a pipe "|" operator.

For more information about search and search syntax, see our online documentation at:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/AboutCLIsearches

Syntax:

    search [object][-parameter <value>]

Note: Parameters that take Boolean values support {0, false, f, no} as negatives and {1, true, t, yes} positives.

Objects:

    Search objects are enclosed in single quotes (' ') and can be keywords, expressions, or a series of search commands.

Optional Parameters:

    app       appname  specify an app context to run the search
    batch     true     indicates how to handle updates in preview mode. Defaults to false.
    detach    true     triggers an asynchronous search and displays the job id and ttl for the search.
    header    false    indicates whether to display a header in the table output mode.
    max_time  number   the length of time in seconds that a search job runs before it is finalized. Defaults to 0, which means no time limit.
    maxout    number   the maximum number of events to return or send to stdout (when exporting events). Setting this to 0 means it will output an unlimited number of events. The max allowable value is 50k. Defaults to 100.
    output    value    indicates how to display the job. Choices are: rawdata, table, csv, raw, and auto. If not specified, defaults to rawdata for non-transforming searches and table for transforming searches.
    preview   false    indicates that reporting searches should be previewed. Defaults to true.
    timeout   number   the length of time in seconds that a search job is allowed to live after running. Defaults to 0, which means the job is cancelled immediately after it is run.
    wrap      false    indicates whether to line wrap for individual lines that are longer than the terminal width. Defaults to true.

See what search language is available for use in the CLI by using these help commands:

    search-fields     a full list of search fields
    search-modifiers  a full list of search modifiers
    search-commands   a full list of usable search commands

Examples:

    ./splunk search '*' -detach true
    ./splunk search 'eventtype=webaccess error' -wrap 0
    ./splunk search 'eventtype=webaccess error' -detach true

Syntax: None
Objects: None
Required Parameters: None
Optional Parameters: None
Examples: None

Type "help [command]" to get help with parameters for a specific command.

Complete documentation is available online at: http://docs.splunk.com/Documentation
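For scripted or scheduled searches, it helps to check parameters against the limits in the help text before the job is submitted. The following is an added example, not part of the Splunk help output or Splunk's own code: the function names `norm_bool`, `is_number` and `build_search` are hypothetical, "50k" is assumed to mean 50000, and the function only prints the resulting argument list (one word per line) rather than running it.

```shell
# Added example (not Splunk's code): validate `splunk search` parameters against
# the limits in the help text above, then print the argv, one word per line.
# Dry run only: nothing is executed. Assumption: "50k" means 50000.

# Map the documented Boolean spellings onto true/false; fail on anything else.
norm_bool() {
  case "$1" in
    0|false|f|no) echo false ;;
    1|true|t|yes) echo true ;;
    *) return 1 ;;
  esac
}

# Succeeds only for a non-empty string of decimal digits.
is_number() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# build_search SEARCH [-parameter value]...
# The body runs in a subshell, so `exit` ends only this function call.
build_search() (
  [ $# -ge 1 ] || { echo "usage: build_search SEARCH [-parameter value]..." >&2; exit 2; }
  argv=$(printf '%s\n' ./splunk search "$1")   # search object stays one argv word
  shift
  while [ $# -gt 0 ]; do
    [ $# -ge 2 ] || { echo "$1: missing value" >&2; exit 2; }
    name=${1#-} value=$2
    case "$name" in
      batch|detach|header|preview|wrap)
        value=$(norm_bool "$value") || { echo "-$name: not a Boolean: $2" >&2; exit 2; } ;;
      max_time|timeout)
        is_number "$value" || { echo "-$name: not a number: $value" >&2; exit 2; } ;;
      maxout)
        { is_number "$value" && [ "$value" -le 50000 ]; } ||
          { echo "-maxout: must be 0..50000: $value" >&2; exit 2; } ;;
      output)
        case "$value" in rawdata|table|csv|raw|auto) ;;
          *) echo "-output: unknown mode: $value" >&2; exit 2 ;; esac ;;
      app)
        [ -n "$value" ] || { echo "-app: empty app name" >&2; exit 2; } ;;
      *) echo "unknown parameter: $1" >&2; exit 2 ;;
    esac
    argv=$(printf '%s\n' "$argv" "-$name" "$value")
    shift 2
  done
  printf '%s\n' "$argv"
)
```

For example, `build_search 'eventtype=webaccess error' -wrap 0 -maxout 500` prints the seven argument words with `-wrap` normalized to `false`, while `-maxout 60000` or an unlisted parameter returns status 2 with a message on stderr.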
© Lightnetics 2024