https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425019#M173386 <P>I have a system that receives data from other systems for auditing purposes. One of these systems uses Splunk and I have a need to parse the queries. I am hoping someone can point me to a grammar for the Splunk language (Antlr, BNF, etc.).</P> Fri, 25 Jan 2019 18:22:20 GMT inovexsean 2019-01-25T18:22:20Z https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425019#M173386 <P>I have a system that receives data from other systems for auditing purposes. One of these systems uses Splunk and I have a need to parse the queries. I am hoping someone can point me to a grammar for the Splunk language (Antlr, BNF, etc.).</P> Fri, 25 Jan 2019 18:22:20 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425019#M173386 inovexsean 2019-01-25T18:22:20Z https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425020#M173387 <P>Install splunk and go to the <CODE>/opt/splunk/etc/system/README/</CODE> directory. Poke around in there. You will find all that you need.</P> Fri, 25 Jan 2019 19:33:09 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425020#M173387 woodcock 2019-01-25T19:33:09Z https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425021#M173388 <P>I'll try, and I appreciate the info, but my terminal here (which is not my development box) is pretty locked-down.</P> Fri, 25 Jan 2019 19:36:35 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425021#M173388 inovexsean 2019-01-25T19:36:35Z https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425022#M173389 <P>Here is the search BNF: <A href="https://gist.github.com/ChrisYounger/e51f9c3aba0f1ed02e5caee7d4a6128b">https://gist.github.com/ChrisYounger/e51f9c3aba0f1ed02e5caee7d4a6128b</A><BR /> Datatypes BNF: <A href="https://gist.github.com/ChrisYounger/520bdb1a7c8b22f5210213f83a3ab2db">https://gist.github.com/ChrisYounger/520bdb1a7c8b22f5210213f83a3ab2db</A></P> <P>I generated these by running <CODE>/opt/splunk/bin/splunk btool searchbnf list</CODE> on a fairly default Splunk 7.2 instance.</P> Sat, 26 Jan 2019 09:16:32 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425022#M173389 chrisyounger 2019-01-26T09:16:32Z https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425023#M173390 <P>Thanks. This'll be a big help.</P> Mon, 28 Jan 2019 13:45:08 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425023#M173390 inovexsean 2019-01-28T13:45:08Z https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425024#M173391 <P>Just install Splunk on your local machine and check it out.</P> Tue, 12 Feb 2019 00:12:06 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-Query-Grammar/m-p/425024#M173391 woodcock 2019-02-12T00:12:06Z