Close Menu
    Splunk

    Kinds of Command available in Splunk – Splunk Visualization Commands

    Terry WhiteBy Updated:No Comments3 Mins Read

    Kinds of Command available in Splunk – Splunk Visualization Commands

    In the search head when performing a query, we use numerous commands. So every command is categorized with its usage. Moreover, this is among the most common interview questions which are asked by the interviewers.

    All search commands are categorized into six. They include

    • Centralized Streaming Command
    • Distributed Streaming Command
    • Transforming Command
    • Orchestrating Command
    • Generating Command
    • Dataset Processing Command

    Some of the commands fit into a single category while other commands fit into several categories.

    Non-streaming commands and Streaming Commands

    1. Streaming Command functions upon every event & returned by a search. One event in & another event out.

    Examples include rex, eval, etc.

    1. Eval command evaluates every event minus considering other events. Non-Streaming Command needs events from every indexer before command would operate on a full set of events.

    Examples: stats, dedup, top, etc.

    1. Dedup command requires a whole set of information before it executes.
    2. Distributed Streaming Command

    The distributed streaming command operates on an indexer or search head, relying on where you will use the command in search. Moreover, these distributable streaming commands are applied to a subset of indexed information in a parallel manner.

    Examples include eval, fields, multikv, mvexpand, makemv, etc.

    Centralized Streaming Command

    With centralized streaming command, it applies to every event given back by a search. Different from distributed streaming commands, the centralized streaming command just works on the search head.

    Examples include stream stats, head, etc.

    Generating Command

    These commands generate reports or events from a single or more index minus transforming events. Remember that generating commands begins with a leading pipe.

    Some of the examples include input lookup, search, and make results, etc.

    Splunk Visualization Commands or Transforming Command

    This command orders result – result set. Moreover, the command “changes” stated cell values for every event to numerical values aimed at statistical analysis. This is also known as “Splunk Visualization Commands” because it is used to visualize the data into graphical format.

    Examples are time charts, stats, top, chart, rare, etc.

    Orchestrating Command

    Orchestrating command allows one to controls aspects of the way a search is handled. They do not affect the ending result of a search. Orchestrating commands help one to disable or enable search optimization as it helps to operate the query quicker.

    Examples include: lookup, localop, redistribute, etc.

    Note that the lookup command just operates as an orchestrating command when local=t.

    Dataset Processing Command:

    This command needs the whole dataset before the command can operate. Some of the commands fit into additional command kinds in some special cases or the time precise arguments are utilized with the commands.

    Examples include append, join, dedup, fill-null, sort, etc.

    Splunk Use Case – Dubai Airport
    Difference between User and Power User in Splunk
    Steps on how to Install Splunk on Linux Server
    Service Now Splunk Integration
    Splunk Enterprise Security Suite Installation
    Share.

    Terry White is a professional technical writer, WordPress developer, Web Designer, Software Engineer, and Blogger. He strives for pixel-perfect design, clean robust code, and a user-friendly interface. If you have a project in mind and like his work, feel free to contact him

    Related Posts

    Add A Comment
    Leave A Reply