Introduction
The Search Processing Language (SPL) is a set of commands that you use to search your data.
There are two versions of SPL: SPL and SPL2. This manual describes SPL2.
Where SPL2 is used
Several Splunk products use SPL2:
- Splunk Edge Processor
- SPL2 in Splunk Enterprise for application development (public beta)
- Splunk Search Experience (preview)
Splunk Data Stream Processor (DSP) uses a set of custom functions, some of which are similar to SPL2 commands and functions. See DSP functions by category in the Splunk Data Stream Processor Function Reference.
Learning SPL2
SPL2 makes the search language easier to use, removes infrequently used commands, and improves the consistency of the command syntax. SPL2 is a more concise language that supports both SPL and SQL syntax.
There are two Splunk manuals that contain information about SPL2:
SPL2 Search Reference
The SPL2 Search Reference contains reference information about the SPL2 search commands, command syntax, data types, and functions.
SPL2 Search Manual (this manual)
The SPL2 Search Manual contains information about how to use SPL2 commands effectively. You'll learn how to get started searching, how to use expressions and predicates, even how to add comments to your search strings.
Useful links to SPL2 documentation
There are two Splunk manuals which contain information about SPL2, the SPL2 Search Manual (this manual) and the SPL2 Search Reference.
The following list contains links to SPL2 getting started and quick reference information:
- Start searching using SPL2
- Datasets
- Types of expressions
- Quotation marks
- Understanding SPL2 Syntax in the SPL2 Search Reference
- SPL2 Command Quick Reference in the SPL2 Search Reference