SPL queries in Grepr
Grepr provides limited support for Splunk's Search Processing Language (SPL).
For a full reference on SPL syntax, see the SPL Search Reference (opens in a new tab).
Supported SPL Expressions
Currently, Grepr supports only the search command, which allows users to run basic search queries. Piped queries—where multiple search stages are chained using the pipe (|) operator—are also supported with some limitations.
Piping Commands
You can chain multiple search commands using the pipe (|) operator. Each stage filters the results from the previous stage:
search <expression1> | search <expression2> | ...Note: The first search command is optional, but subsequent search commands are required to filter results further.
Basic Text Search
A basic text search performs a full-text search across the message field of log entries:
search "text to search"Field Searches
The search command can also filter logs based on field values:
search field=valueAttributes and tags can be queried using the following formats:
attributes.attr=valuetags.tagKey=valueSee Grepr processing model for more details on attributes and tags.
Note: Field searches (e.g., field=value) apply to both attributes and tags and are equivalent to attributes.field=value OR tags.field=value
If the value contains special characters or spaces, wrap it in double quotes:
search attributes.attr="double-quoted value"
search tags.tagKey="double-quoted value"Wildcard Searches
Use the asterisk (*) as a wildcard to match zero or more characters in field values:
search field=value*Boolean Operators
You can use AND, OR, and NOT to combine or modify search expressions:
search expression1 AND expression2
search expression1 OR expression2
search NOT expressionUnsupported Commands and Expressions
The following SPL features are not currently supported:
- Arithmetic operations:
+,-,*,/,% - Advanced SPL commands:
stats,table,eval,where,sort,top,rex,fields,lookup,join,dedup, and others - Subqueries