How can I learn SPL2?
You can learn SPL2 by reading the SPL2 documentation, by taking a Splunk course, or exporing Splunk Lantern.
You have several options for learning SPL2:
Use the in-product help features
| Type of help | Description |
|---|---|
| Getting started tooltip icons | When you start a new module, there are icons ( |
| Popover help for commands | When you build a search or pipeline, help information appears when you type the name of a command. You'll see a description for the command, the command syntax, examples for using the command, and a link to the SPL2 documentation for that command. |
| Popover help for functions | When you type the name of a function in a search or pipeline, information about that function appears. You'll see a description for the function, the function syntax, examples for using the function, and a link to the product documentation for that function. |
| Guided help tutorial module | From the Search & Reporting app, you can select the Get started with guided help card to open the Tutorial module in the SPL2 module editor. This module includes a set of sample searches along with instructions on how to use the module. You can run the searches in the Tutorial module or modify the searches to explore the features in the SPL2 module editor. |
| Templates for pipelines | In the Edge Processor or Ingest Processor service, you can select Pipelines and then Templates to access a list of pipeline templates. These templates are designed to work with specific data sources and use cases, and include sample data and preconfigured SPL2 that you can use as a starting point for your own custom pipelines or as a reference for learning how to write SPL2. |
Use the SPL2 documentation
In addition to this SPL2 Overview manual, there are 2 other manuals about SPL2:
The SPL2 Search Manual
The SPL2 Search Reference
SPL2 Search Manual
Use the SPL2 Search Manual to understand how to use SPL2 commands effectively. You'll learn how to get started searching, how to use expressions and predicates, and even how to add comments to your search strings.
| Links to key information in the SPL2 Search Manual | Description |
|---|---|
| Searching data using SPL2 | Describes how to use SPL2 in the Search & Reporting app, including the 2 different interfaces you can use to run SPL2 searches. |
| Search page overview for SPL2 | Identifies the different parts of the Search page in the Search app screen that you will use when you create standalone single statement SPL2 searches. |
| SPL2 module editor overview | Identifies the different parts of the SPL module editor screen that you will use when you create multiple SPL2 searches, custom functions, and custom data types. |
| Expressions quick reference | Describes the different types of expressions you can use in commands and functions that accept expression. |
SPL2 Search Reference
The SPL2 Search Reference contains information about the SPL2 search commands, command syntax, and built-in functions. See the examples provided for each of the commands and functions supported in SPL2.
To help you find information quickly, there are useful quick references and other key information summarized for you. Use these references to see information for commands, functions, expressions and other SPL2 documentation.
| Links to key information in the SPL2 Search Reference | Description |
|---|---|
| Quick Reference for SPL2 commands | Describes the commands supported in SPL2. |
| Quick Reference for SPL2 eval functions | Describes the evaluation functions supported in SPL2. You can see an alphabetical list of functions or a list organized by function category. |
| Quick Reference for SPL2 stats and charting functions | Describes the statistical functions supported in SPL2. You can see an alphabetical list of functions or a list organized by function category. |
| Understanding SPL2 syntax | Describes the elements you will find in the syntax sections for each command, such as required and optional arguments, keywords, and reserved words. |
Documentation for admins
Admins can create modules, change module permissions, and install and manage SPL2-based apps. Some of these tasks can be performed through the UIs and other tasks require you to use the SPL2 REST API endpoints. For more information, use the links in the following table:
| Action | Splunk Cloud Platform | Splunk Enterprise |
|---|---|---|
| Install SPL2-based apps | Install SPL2-based apps in the Splunk Cloud Platform Admin Manual. | Install SPL2-based apps in the Splunk Enterprise Admin Manual. |
| Manage SPL2-based apps | Manage SPL2-based apps in the Splunk Cloud Platform Admin Manual. | Manage SPL2-based appsin the Splunk Enterprise Admin Manual. |
| SPL2 endpoints | Endpoints for SPL2-based applications in the Splunk Cloud REST API Reference. | Endpoints for SPL2-based applications in the Splunk Enterprise REST API ReferenceEndpoints for SPL2-based applications. |
Documentation for application developers
You'll find detailed instructions in the Splunk Developer Guide about how to build SPL2-based apps using the Splunk Extension for Visual Studio. See Create SPL2-based apps.
There are several sample SPL2-based applications for you to explore with examples of how to build an app with SPL2. See Sample SPL2-based applications in the Splunk Developer Guide
The REST endpoints provide an alternative way to create SPL2-based applications. Use the SPL2 REST endpoints to create modules, update modules, and assign permissions. See Endpoints for SPL2-based applications in the REST API Reference.
Take a Splunk EDU course
The eLearning course Introduction to SPL2 is a free, self-paced 60-90 minute course. This course introduces the foundational concepts of SPL2, teaching you how to process data-in-motion and data-at-rest.
Splunk Lantern
Splunk Lantern is a customer success resource center provided by Splunk. It offers guidance and resources to help you effectively utilize Splunk software, covering topics like getting started, data analysis, and specific use cases. Splunk Lantern also includes product tips, data descriptors, and use case explorers for both the platform and premium products.
On the Splunk Lantern Home page, search for SPL2 to find a list of articles related to SPL2.