What is SPL2?

SPL2 unifies search and data preparation across multiple Splunk products for Splunk analysts, app developers, and data managers with a powerful, flexible, and easy to use language.

The Search Processing Language (SPL) is a set of commands that you use to curate and search your data. Splunk supports 2 versions of the Search Processing Languages: SPL and SPL2.

SPL2 extends the existing SPL language by incorporating powerful features from other languages. Additionally, you can write searches using either SPL and SQL syntax. These enhancements simplify data access and analysis while also providing support for complex investigations and data management workflows.

Text that shows this equation. SPL2 = SPL + optional SQL + programming concepts

SPL2 is an intuitive language that is used with multiple products in the Splunk portfolio.

One language, many use cases

SPL2 unifies search and data preparation for Splunk analysts, app developers, and data managers with a powerful, flexible, and easy to use language across multiple Splunk products.

Depending on your role and particular needs, you can use SPL2 for any of the following:

  • A search language for analysts and end users, like SPL, but with enhanced capabilities.

  • A powerful development and scripting language for application developers.

  • A seamlessly streaming data preparation language for data managers.

  • Improved data control for Splunk admins.

  • Fully backwards compatible with SPL, and can operate in parallel with SPL.

See also

Related information

Why use SPL2?

Which Splunk apps and products use SPL2?

What is new and different in SPL2 ?

New terminology with SPL2

How can I learn SPL2?