Compatibility Quick Reference for SPL2 commands
An SPL2 profile maps to a set of SPL2 commands and functions that are used by a given product. See SPL2 compatibility profiles.
The following table shows which SPL2 commands are supported for the Edge Processor on Enterprise.
| SPL2 Command | Description |
|---|---|
| branch | Processes one set of events or search results, in parallel, in two or more branches. Each branch must end with the into command. |
| eval | Calculates an expression and puts the resulting value into a search results field. |
| expand | Produce a separate result row for each object in an array that is in a field. |
| fields | Keeps or removes fields from search results based on the list of fields that you specify. |
| flatten | Converts the key-value pairs in the object into separate fields in an event. Flattens only the first level of an object. |
| from | Retrieves data from a dataset, such as an index, metric index, lookup, view, or job.
The |
| into | Appends to or replaces the contents of a dataset in the search data pipeline. The dataset must be a writeable dataset, also referred to as a dataset sink. |
| lookup | Invokes field value lookups. |
| mvexpand | Expands the values of a multivalue field into separate events, one event for each value in the multivalue field. |
| rename | Renames one or more fields. |
| replace | Replaces field values in your search results with the values that you specify. This command does not replace values in fields generated by stats or eval functions. If you do not specify a field, the value is replaced in all non-generated fields. |
| rex | Use to either extract fields using regular expression named groups, or replace or substitute characters in a field using sed expressions. |
| route | Routes a desired subset of incoming data so that it gets sent to a different destination. |
| thru | Writes data to a writeable dataset and then passes the same data to the next command in the search string. By default, the thru command appends data to the dataset. |
| where | Filters search results based on the outcome of a Boolean expression. |