Javatpoint Logo
Javatpoint Logo

Splunk - Types of Command

In this section, we are going to learn about the types of command that are present in the Splunk searches. The commands that we are going to cover are, streaming and non-streaming command, distributable streaming command, centralized streaming command, transforming command, generating command, orchestrating command, dataset processing command.

Types of commands

When we learn about the Splunk SPL, we may hear the words used to define the types of search commands that stream, create, transform, orchestrate, and process data. Each section lists the commands that fall into each category and discusses what such words mean.

There are Six search commands basically:

  • distributable streaming command
  • centralized streaming command
  • transforming command
  • generating command
  • orchestrating command
  • dataset processing command

In Splunk web app, such categorizations are not unique to one another. Some commands only fall into one group. The stats command is an example of a command that only fits into the categorization of transformers. Certain commands may fit into multiple categories. A command can stream and also generate, for example.

Streaming and non-streaming commands

On every event, a streaming command operates as it is returned from a scan. Essentially one participant in a participant and one (or no) out.

For example, the eval command will create a new field, full name, that will contain the value concatenation in the first name field, space, and the last name value.

The eval command tests every event without taking into consideration other events.

A non-streaming command allows all indexers to have the events before the command can run on the entire set of events. Some commands that transform are non-streaming commands. There are also several commands which do not transform commands but are non-streaming commands.

Those non-transforming, non-streaming commands are often called non-streaming commands based on events.

For example, the entire set of events must be received by the sort command, before the sort command can start sorting the events. Certain non-streaming command examples include the dedup (in some modes), data, and top.

Non-streaming commands push the search head toward the whole series of events. That needs a lot of data transfer and parallel loss.

Processing attributes

The table below outlines the variations in the processing of certain command types.

Distributable streaming Centralized streaming Data processing (non-streaming) Transforming
Can run on indexers Y N N N
Can output before the final input Y Y N N
Outputs events if inputs are events Y Y Y N

When a command is executed, it either produces events or results based on the command type. When we execute the sort command, for example, the input is events, and the output is events in the sort order we choose. Transforming instructions, however, do not emit events. Transforming results in the processing of commands. For instance, the command stats output a table of measured results.

The activities that were used to measure such outcomes no longer exist. We can't run a command that uses events as input after we execute a transforming order.

Commands for processing data are non-streaming commands that allow the whole dataset before the command can run. Such commands do not transform, are not distributable, do not stream, and do not orchestrate. The Sort command is an example of a command to process data.

Distributable streaming

On every event returned by a search, a streaming command operates. The order of the events doesn't matter for distributable streaming. A streaming command that can be distributed is a command that can be run on the indexer, which improves the processing time. The other commands in a request decide whether the streaming command to be transmitted is running on the indexer:

  • If all the commands can be run on the indexer before the distributable streaming command, the distributable streaming command is executed on the indexer.
  • If some of the commands need to be run on the search head before the distributable streaming command, the remaining commands in the search will have to be run on the search head. When the processing of the search moves to the search head, it cannot move to the indexer again.
  • Distributable streaming commands can be used in a parallel manner on subsets of indexed data. For example, it streams the rex It extracts fields at search time and applies them to events.
  • Sds Some of the popular streaming commands available on delivery are: eval, fields, makemv, rename, regex, substitute, strcat, typer, and where.

Centralized streaming

The order of events counts for unified streaming commands. A centralized streaming command applies a transformation to any case that a search returns. But unlike distributed streaming commands, a centralized streaming command works only on the head of the search. We may also use the word "stateful streaming" to explain these orders.

Centralized streaming commands include: head, streamstats, and some cluster modes.

Transforming

A transforming command commands the results of the search to a table of data. Such commands "transform" the specified cell values for each event into numerical values, which can be used for statistical purposes by Splunk software. Don't stream commands to convert. Transforming commands are also necessary to transform the search result data into the data structures required for visualizations such as column, bar, line, area, and pie charts.

When used to measure column totals (not row totals), transforming commands include: map, timecart, details, top, uncommon and addtotals.

Generating

A command generation gets information from the indexes, without any transformations. Generating commands either generate events (distributable or centralized) or generate reports. Most commands producing information are centralised as well. The results are returned in a list or table, depending on what form the order is.

Don't expect or require an input to generate commands. Generating commands are usually invoked with a leading pipe at the search start. That is, the quest piped into a generating command cannot be performed. The exception to this is the search instruction, since it is implied at the beginning of a search, and need not be invoked.

Types of Command Generation include:dbinspect, datamodel, inputcsv, metadata, pivot, search, and tstats

Orchestrating

An orchestration command controls some part of the processing of the quest. It does not have any effect on the search's final result collection. For example, we may add an orchestrating command to a search to allow or disable a search optimization that helps to complete the overall search more quickly.

Types of commands in orchestration include redistribute, noop, and localop. If we use it with the local = t statement, the lookup command often becomes an orchestrating function.

Dataset processing

There are a handful of commands requiring the entire dataset before it can run. These commands are called the commands for the processing of data sets. Such commands do not transform, are not distributable, do not stream, and do not orchestrate. In specific cases, some of these commands fit into certain forms or where particular arguments are used.

Next TopicSplunk Sort Command




Youtube For Videos Join Our Youtube Channel: Join Now

Feedback

Help Others, Please Share

facebook twitter pinterest

Learn Latest Tutorials

Splunk tutorial

Splunk
SPSS tutorial

SPSS
Swagger tutorial

Swagger
T-SQL tutorial

Transact-SQL
Tumblr tutorial

Tumblr
React tutorial

ReactJS
Regex tutorial

Regex
Reinforcement learning tutorial

Reinforcement Learning
R Programming tutorial

R Programming
RxJS tutorial

RxJS
React Native tutorial

React Native
Python Design Patterns

Python Design Patterns
Python Pillow tutorial

Python Pillow
Python Turtle tutorial

Python Turtle
Keras tutorial

Keras

Preparation

Aptitude

Aptitude
Logical Reasoning

Reasoning
Verbal Ability

Verbal Ability
Interview Questions

Interview Questions
Company Interview Questions

Company Questions

Trending Technologies

Artificial Intelligence

Artificial Intelligence
AWS Tutorial

AWS
Selenium tutorial

Selenium
Cloud Computing

Cloud Computing
Hadoop tutorial

Hadoop
ReactJS Tutorial

ReactJS
Data Science Tutorial

Data Science
Angular 7 Tutorial

Angular 7
Blockchain Tutorial

Blockchain
Git Tutorial

Git
Machine Learning Tutorial

Machine Learning
DevOps Tutorial

DevOps

B.Tech / MCA

DBMS tutorial

DBMS
Data Structures tutorial

Data Structures
DAA tutorial

DAA
Operating System

Operating System
Computer Network tutorial

Computer Network
Compiler Design tutorial

Compiler Design
Computer Organization and Architecture

Computer Organization
Discrete Mathematics Tutorial

Discrete Mathematics
Ethical Hacking

Ethical Hacking
Computer Graphics Tutorial

Computer Graphics
Software Engineering

Software Engineering
html tutorial

Web Technology
Cyber Security tutorial

Cyber Security
Automata Tutorial

Automata
C Language tutorial

C Programming
C++ tutorial

C++
Java tutorial

Java
.Net Framework tutorial

.Net
Python tutorial

Python
List of Programs

Programs
Control Systems tutorial

Control System
Data Mining Tutorial

Data Mining
Data Warehouse Tutorial

Data Warehouse