Splunk Cloud Platform

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS AppDynamics On-Premises AppDynamics SAP Agent Release Notes and Updates Supported Add-ons

Splunk Cloud Platform

Splunk Cloud Platform Contents

Get Started

Administer

SPL2 Search Manual

Get started searching

Grouping search results

Manage Knowledge Objects

Leverage REST APIs

Release Notes

Analytics and Insights

Create Dashboards and Reports

Alert and Respond

Apply Machine Learning

Data Sources

Get Data In

Ingest Data from Cloud Services

Forward and Process Data

Process Data at the Edge

Process Data at Ingest Time

Collect Stream Data

Connect Relational Databases

Common Information Model

InfoSec App for Splunk

Splunk Edge Hub OS

Splunk OT Intelligence

Splunk Edge Hub Mobile App

Splunk Mobile for Android

Splunk Mobile for iOS

REST API Reference

SPL Search Reference

Splunk Validated Architectures

Developing Views and Apps for Splunk Web

MCP Server for Splunk Platform

Grouping search results

The from command also supports aggregation using the GROUP BY clause in conjunction with aggregate functions calls in the SELECT clause like this:

FROM main WHERE earliest=-5m@m AND latest=@m GROUP BY host SELECT sum(bytes) AS sum, host

Next step

See Filtering data.

Last updated: July 23, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

AppDynamics On-Premises

AppDynamics SAP Agent

Release Notes and Updates

Supported Add-ons