into command: Examples
The following are examples for using the SPL2 into command.
To learn more about the into command, see How the SPL2 into command works.
1. Append search results to a dataset
Append the search results to the mytable dataset, which is a lookup kind of dataset.
... | into mode=append mytable2. Pipeline examples
These examples show how to use the into command in a pipeline.
Use a pipeline to send data to a destination
The following pipeline selects a subset of the data received by the Edge Processor or Ingest Processor and then sends the data to a destination, such as an index or Amazon S3 bucket. The $destination parameter refers to the destination dataset specified in the pipeline settings.
$pipeline = | from $source
| into $destination
Mask sensitive information using a pipeline
The following pipeline replaces the credit card numbers in the _raw field with the word "<redacted>". The pipeline then sends the masked data to a destination.
$pipeline = | from $source
| eval _raw=replace(_raw, /[1-5][0-9]{15}/i, "<redacted>")
| into $destination
Send pipeline data to separate destinations
The following example uses the branch command to make 2 complete copies of the incoming data and send the data into different destinations.
- For the first copy, the data is sent to an existing index named
buttercupin a cisco_syslog destination. - For the second copy, the IP addresses are obscured by using the hashing function,
sha256, and then the data is sent to an Amazon S3 destination.
$pipeline = | from $source
| branch
[ | eval index="buttercup" | into $cisco_syslog_destination],
[ | eval ip_address = sha256(ip_address) | into $aws_s3_destination]
See also
into command
Pipelines
Edge Processor pipeline syntax in the Use Edge Processors manual
Ingest Processor pipeline syntax in the Use Ingest Processors manual