Use the "Convert to SPL2" button to convert a search from SPL to SPL2.

When writing a search in the Search bar, you can convert it from SPL to SPL2 by selecting the Convert to SPL2 button. This button is available only when the language picker is set to SPL and the Search bar contains a search.

The following screenshot shows the Search bar when the language picker is set to SPL and the Convert to SPL2 button is available:

Note: For information about the layout and features of the Search page where the Search bar is located, see Search page overview for SPL2.

Conversions are supported for most but not all SPL commands and search formats.

• If the conversion succeeds, then the contents in the Search bar are updated into SPL2, and the setting in the language picker changes from SPL to SPL2.

• If the conversion fails, then the contents of the Search bar remain unchanged, and the Search page returns the following error message: Failed to convert SPL to SPL2.

1. From the Splunk Home page, select Search & Reporting in the Apps panel.
2. On the Search page, confirm that the language picker is set to SPL.
3. In the Search bar, enter your search using SPL.

   index=main | fields host* categoryId | eval low-categoryId=lower(categoryId)

4. Select the Convert to SPL2 button that appears.
   Note: Be aware that you cannot revert your search back to SPL after converting it to SPL2. If you want to preserve a copy of your SPL search, then before selecting the Convert to SPL2 button, copy and paste the search to another location for safekeeping.

   The example SPL search shown in the previous step converts into the following SPL2 search:

   index=main | fields 'host*', categoryId | eval 'low-categoryId'=lower(categoryId)

   SPL2 requires field names that contain special characters to be enclosed in single quotation marks ( ' ). In this example, host* contains an asterisk ( * ) and low-categoryId contains a hyphen ( - ), so the conversion tool enclosed those field names in single quotation marks.

   Additionally, SPL2 requires the field names in a list of fields to be separated by commas ( , ). In this example, the fields command lists 2 fields, so the conversion tool inserts a comma between those fields.