| Command | Alias(es) | Description | See also |
|---|---|---|---|
| bucket | bin, discretize | Puts continuous numerical values into discrete sets. | chart, timechart |
| chart | | Returns results in a tabular output for charting. See also, Functions for stats, chart, and timechart. | bucket, sichart, timechart |
| dedup | | Removes subsequent results that match specified criteria. | uniq |
| eval | | Calculates an expression and puts the value into a field. See also, Functions for eval and where. | where |
| extract | kv | Extracts field-value pairs from search results. | kvform, multikv, xmlkv, rex |
| fields | | Removes fields from search results. | |
| head | | Returns the first number n of specified results. | reverse, tail |
| lookup | | Explicitly invokes field value lookups. | |
| multikv | | Extracts field-values from table-formatted events. | |
| rangemap | | Sets RANGE field to the name of the ranges that match. | |
| rare | | Displays the least common values of a field. | sirare, stats, top |
| rename | | Renames a specified field; wildcards can be used to specify multiple fields. | |
| replace | | Replaces values of specified fields with a specified new value. | |
| rex | | Specifies Perl regular expression named groups to extract fields while you search. | extract, kvform, multikv, xmlkv, regex |
| search | | Searches Splunk indexes for matching events. | |
| spath | | Extracts key-value pairs from XML or JSON formats. | extract, kvform, multikv, rex, xmlkv |
| sort | | Sorts search results by the specified fields. | reverse |
| stats | | Provides statistics, grouped optionally by fields. See also, Functions for stats, chart, and timechart. | eventstats, top, rare |
| tail | | Returns the last number n of specified results. | head, reverse |
| timechart | | Creates a time series chart and corresponding table of statistics. See also, Functions for stats, chart, and timechart. | chart, bucket |
| top | common | Displays the most common values of a field. | rare, stats |
| transaction | transam | Groups search results into transactions. | |
| where | | Performs arbitrary filtering on your data. See also, Functions for eval and where. | eval |
| xmlkv | | Extracts XML key-value pairs. | extract, kvform, multikv, rex, spath |