Topics

| pdf version

Toolbox

Splunk > The IT Search Company

  • Search and navigate IT data from applications, servers and network devices in real-time.
  • Download Splunk

Localized Splunk documentation

Looking for Splunk documentation in other languages?

Documentation | Discussion | View source | History

map

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10

map

Synopsis

Looping operator, performs a search over each search result.

Syntax

map (<searchoption>|<savedsplunkoption>) [<maxsearchesoption>]

Arguments

<maxsearchesoption>
Syntax: maxsearches=<int>
Description: The maximum number of searches to run. This will generate a message if there are more search results.
<savedsplunkoption>
Syntax: <string>
Description: Name of a saved search.
<searchoption>
Syntax: search="<string>"
Description: The search to map. The search argument can either be a subsearch to run or just the name of a savedsearch. The argument also supports the metavariable: $_serial_id$, a 1-based serial number within map of the search being executed.

Description

For each input search result, takes the field-values from that result and substitutes their value for the $variable$ in the search argument.

Examples

Example 1: Example usage

error | localize | map mytimebased_savedsearchSearch

Example 2: Example usage

... | map search="search starttimeu::$start$ endtimeu::$end$" maxsearches=10Search


See also

gentimes, search

Retrieved from "http://www.splunk.com/base/Documentation/4.0.1/SearchReference/Map"
Revision: 207 Contact Privacy Policy Terms of Use Community content licensed under Creative Commons

Copyright © 2005-2010 Splunk Inc. All rights reserved.