Using pipes when processing data with Splunk
However, SPL can be used to do much more advanced searches and analyses as well. Pipes
are a way to do this. The pipe character (|) can be used to chain together different
commands in a search. In the previous simple search and in our following search, a search is
implied in the first pipe, but the term search itself is left out. In other words, in the
following search, we could say buttercupgames or search buttercupgames and it means
the same thing. There are many other commands that can be used as well, and they are
listed and discussed as follows. Consider the following piped command:
buttercupgames | timechart count by itemId limit=10
The command following the pipe character acts on the data after it comes from the
previous pipe. Hence, a pipe can refer to either the pipe character or the command between
pipes. So, as our first pipe is the term buttercupgames, with the search term implied,
all the events containing the word buttercupgames will be gathered; then the second
pipe's instructions about creating a timechart showing the count by itemId will be carried
out on that gathered data. We'll cover these more advanced processes in the chapters ahead.
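The two stages of the piped command above, modelled in Python as an added example (not code from the book or from Splunk). The events are constructed, matching is simplified to a case-insensitive substring test, the time bucket is assumed to be one hour, and values beyond the limit are folded into an OTHER series as timechart does by default.

```python
from collections import Counter, defaultdict

# Constructed sample events: (epoch seconds, raw text, extracted fields).
EVENTS = [
    (10,   "GET /cart.do?itemId=EST-14 www.buttercupgames.com", {"itemId": "EST-14"}),
    (20,   "GET /cart.do?itemId=EST-14 www.buttercupgames.com", {"itemId": "EST-14"}),
    (30,   "GET /cart.do?itemId=EST-6 www.buttercupgames.com",  {"itemId": "EST-6"}),
    (40,   "GET /cart.do?itemId=EST-14 www.othershop.example",  {"itemId": "EST-14"}),
    (3700, "GET /cart.do?itemId=EST-14 www.ButtercupGames.com", {"itemId": "EST-14"}),
    (3710, "GET /cart.do?itemId=EST-6 www.buttercupgames.com",  {"itemId": "EST-6"}),
    (3720, "GET /cart.do?itemId=EST-7 www.buttercupgames.com",  {"itemId": "EST-7"}),
]

def search(events, term):
    """First pipe: the implied `search` command gathers matching events.
    Simplification: case-insensitive substring match on the raw text."""
    term = term.lower()
    return [e for e in events if term in e[1].lower()]

def timechart_count_by(events, field, limit=10, span=3600):
    """Second pipe: count events per time bucket, split by `field`.
    Only the `limit` values with the highest totals keep their own series;
    the rest are summed into OTHER. `span` is an assumed fixed bucket size."""
    totals = Counter()
    buckets = defaultdict(Counter)
    for ts, _raw, fields in events:  # constructed events all carry the field
        value = fields[field]
        buckets[ts - ts % span][value] += 1
        totals[value] += 1
    keep = {value for value, _ in totals.most_common(limit)}
    chart = {}
    for bucket in sorted(buckets):
        row = Counter()
        for value, n in buckets[bucket].items():
            row[value if value in keep else "OTHER"] += n
        chart[bucket] = dict(row)
    return chart

def run_pipeline(events, limit=10):
    """buttercupgames | timechart count by itemId limit=<limit>"""
    gathered = search(events, "buttercupgames")  # stage 1 output
    return timechart_count_by(gathered, "itemId", limit=limit)  # stage 2 sees only that

if __name__ == "__main__":
    for bucket, row in run_pipeline(EVENTS, limit=2).items():
        print(bucket, row)
```

The event from www.othershop.example never reaches the second stage, which is why its EST-14 hit is missing from the counts.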