splunk_search.tmLanguage
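<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!--
  TextMate grammar for Splunk search (SPL) files with the extensions "splunk" and "spl".

  Each entry in "patterns" pairs a regular expression ("match", or "begin"/"end")
  with a scope name that editor themes use for colouring. Rules are plain regexes
  over the text; nothing here parses SPL, so the colouring is a reading aid and not
  evidence of how Splunk will interpret a search.

  The regexes are XML text, so a literal less-than sign inside a lookbehind is
  written as the entity &lt; to keep the plist well-formed.
-->
<plist version="1.0">
<dict>
  <key>fileTypes</key>
  <array>
    <string>splunk</string>
    <string>spl</string>
  </array>
  <key>name</key>
  <string>Splunk Query Language</string>
  <key>patterns</key>
  <array>
    <!--
      Search commands. A listed name is scoped only when it follows a pipe or an
      opening square bracket (optional whitespace in between, which is part of the
      match) and is itself followed by whitespace. A command at the very start of a
      search, with no leading pipe, is therefore not scoped by this rule.
      NOTE(review): commands that write or remove data, send mail or run external
      code (for example delete, collect, outputlookup, outputcsv, sendemail, script,
      run) get the same scope as read-only commands, so the colouring gives no cue
      when a saved search or detection is reviewed for side effects. A separate
      scope for those names would make them stand out.
    -->
    <dict>
      <key>comment</key>
      <string>Splunk Built-in functions</string>
      <key>match</key>
      <string>(?&lt;=(\||\[))([\s]*)\b(abstract|accum|addcoltotals|addinfo|addtotals|analyzefields|anomalies|anomalousvalue|append|appendcols|appendpipe|arules|associate|audit|autoregress|bucket|bucketdir|chart|cluster|collect|concurrency|contingency|convert|correlate|crawl|datamodel|dbinspect|dbxquery|dbxlookup|dedup|delete|delta|diff|dispatch|erex|eval|eventcount|eventstats|extract|fieldformat|fields|fieldsummary|file|filldown|fillnull|findtypes|folderize|foreach|format|from|gauge|gentimes|geostats|head|highlight|history|input|inputcsv|inputlookup|iplocation|join|kmeans|kvform|loadjob|localize|localop|lookup|makecontinuous|makemv|makeresults|map|metadata|metasearch|multikv|multisearch|mvcombine|mvexpand|nomv|outlier|outputcsv|outputlookup|outputtext|overlap|pivot|predict|rangemap|rare|regex|relevancy|reltime|rename|replace|rest|return|reverse|rex|rtorder|run|savedsearch|script|scrub|search|searchtxn|selfjoin|sendemail|set|setfields|sichart|sirare|sistats|sitimechart|sitop|sort|spath|stats|strcat|streamstats|table|tags|tail|timechart|top|transaction|transpose|trendline|tscollect|tstats|typeahead|typelearner|typer|uniq|untable|where|x11|xmlkv|xmlunescape|xpath|xyseries)\b(?=[\s])</string>
      <key>name</key>
      <string>support.class.splunk_search</string>
    </dict>
    <!-- Eval functions: a listed name is scoped only when an opening parenthesis follows it directly. -->
    <dict>
      <key>comment</key>
      <string>Splunk Eval functions</string>
      <key>match</key>
      <string>\b(abs|acos|acosh|asin|asinh|atan|atan2|atanh|case|cidrmatch|ceiling|coalesce|commands|cos|cosh|exact|exp|floor|hypot|if|in|isbool|isint|isnotnull|isnull|isnum|isstr|len|like|ln|log|lower|ltrim|match|max|md5|min|mvappend|mvcount|mvdedup|mvfilter|mvfind|mvindex|mvjoin|mvrange|mvsort|mvzip|now|null|nullif|pi|pow|printf|random|relative_time|replace|round|rtrim|searchmatch|sha1|sha256|sha512|sigfig|sin|sinh|spath|split|sqrt|strftime|strptime|substr|tan|tanh|time|tonumber|tostring|trim|typeof|upper|urldecode|validate)(?=\()\b</string>
      <key>name</key>
      <string>support.function.splunk_search</string>
    </dict>
    <!--
      Statistical (transforming) functions. These are matched as whole words with no
      context check, so a field that happens to be called count, values, first and
      so on receives the function scope as well. Shares its scope name with the
      eval-function rule above.
    -->
    <dict>
      <key>comment</key>
      <string>Splunk Transforming functions</string>
      <key>match</key>
      <string>\b(avg|count|distinct_count|estdc|estdc_error|eval|max|mean|median|min|mode|percentile|range|stdev|stdevp|sum|sumsq|var|varp|first|last|list|values|earliest|earliest_time|latest|latest_time|per_day|per_hour|per_minute|per_second|rate)\b</string>
      <key>name</key>
      <string>support.function.splunk_search</string>
    </dict>
    <!-- Macro names: word characters that follow a backtick and precede an opening parenthesis or a closing backtick. -->
    <dict>
      <key>comment</key>
      <string>Splunk Macro Names</string>
      <key>match</key>
      <string>(?&lt;=\`)[\w]+(?=\(|\`)</string>
      <key>name</key>
      <string>entity.name.function.splunk_search</string>
    </dict>
    <!-- Integers: a run of digits bounded by word boundaries on both sides. -->
    <dict>
      <key>comment</key>
      <string>Digits</string>
      <key>match</key>
      <string>\b(\d+)\b</string>
      <key>name</key>
      <string>constant.numeric.splunk_search</string>
    </dict>
    <!--
      Escape sequences: a backslash followed by a backslash, pipe, asterisk or
      equals sign. An escaped double quote is not in this list.
      The scope name previously read "contant.character.escape", a misspelling
      that theme selectors for "constant.character.escape" cannot match.
    -->
    <dict>
      <key>comment</key>
      <string>Escape Characters</string>
      <key>match</key>
      <string>(\\\\|\\\||\\\*|\\\=)</string>
      <key>name</key>
      <string>constant.character.escape.splunk_search</string>
    </dict>
    <!--
      Operators.
      NOTE(review): as written this matches only the two-character sequence of a
      pipe immediately followed by a comma. If the intent was to scope either a
      pipe or a comma, the expression would be \||, (confirm before changing, since
      that would recolour every pipe and comma).
    -->
    <dict>
      <key>comment</key>
      <string>Splunk Operators</string>
      <key>match</key>
      <string>(\|,)</string>
      <key>name</key>
      <string>keyword.operator.splunk_search</string>
    </dict>
    <!--
      Keywords: as, by, or, and, over, where, output and outputnew are matched under
      the case-insensitive flag; NOT, true and false are matched after that flag is
      switched off again, so only in exactly this spelling.
    -->
    <dict>
      <key>comment</key>
      <string>Splunk Language Constants</string>
      <key>match</key>
      <string>(?i)\b(as|by|or|and|over|where|output|outputnew)\b|(?-i)\b(NOT|true|false)\b</string>
      <key>name</key>
      <string>constant.language.splunk_search</string>
    </dict>
    <!--
      Parameters: a run of characters containing no parenthesis, double quote,
      comma or equals sign, located between an opening parenthesis or comma and a
      closing parenthesis or comma. The rule is not tied to macro calls; arguments
      of any parenthesised call can match.
      NOTE(review): the third lookbehind alternative requires exactly 300
      whitespace characters after a non-equals character, which looks unintended.
      Confirm what it was meant to express.
    -->
    <dict>
      <key>comment</key>
      <string>Splunk Macro Parameters</string>
      <key>match</key>
      <string>(?&lt;=\(|,|[^=]\s{300})([^\(\)\",=]+)(?=\)|,)</string>
      <key>name</key>
      <string>variable.parameter.splunk_search</string>
    </dict>
    <!-- Field names: word and dot characters, an optional [] or {} suffix and optional whitespace, all directly before an equals sign. -->
    <dict>
      <key>comment</key>
      <string>Splunk Variables</string>
      <key>match</key>
      <string>([\w\.]+)(\[\]|\{\})?([\s]*)(?=\=)</string>
      <key>name</key>
      <string>variable.splunk_search</string>
    </dict>
    <!-- Every equals sign, whether it is a comparison or an assignment. -->
    <dict>
      <key>comment</key>
      <string>Comparison or assignment</string>
      <key>match</key>
      <string>=</string>
      <key>name</key>
      <string>keyword.operator.splunk_search</string>
    </dict>
    <!--
      Double-quoted strings. A quote counts as a delimiter only when the character
      before it is not a backslash.
      NOTE(review): that test also rejects a closing quote that follows an escaped
      backslash (a value ending in two backslashes), so the string scope can run
      past the real end of the literal and the text after it is coloured as string
      content. Consuming escape pairs with an inner pattern and ending on a plain
      quote would avoid this.
    -->
    <dict>
      <key>begin</key>
      <string>(?&lt;!\\)"</string>
      <key>end</key>
      <string>(?&lt;!\\)"</string>
      <key>name</key>
      <string>string.quoted.double.splunk_search</string>
    </dict>
    <!-- Single-quoted strings, delimited the same way as the double-quoted rule above and with the same limitation. -->
    <dict>
      <key>begin</key>
      <string>(?&lt;!\\)'</string>
      <key>end</key>
      <string>(?&lt;!\\)'</string>
      <key>name</key>
      <string>string.quoted.single.splunk_search</string>
    </dict>
    <!--
      Marks the quoted value of a query= argument as an embedded SQL block.
      NOTE(review): the field-name rule earlier in this list can match the word
      "query" at the same start position, and earlier rules win ties, so this rule
      appears unlikely to ever begin. It also only assigns a scope name; no SQL
      grammar is included, so the contents would not be highlighted as SQL.
    -->
    <dict>
      <key>begin</key>
      <string>query=\"</string>
      <key>end</key>
      <string>(?&lt;!\\)"</string>
      <key>name</key>
      <string>meta.embedded.block.sql</string>
    </dict>
    <!-- Block comments delimited by three backticks that are not preceded by a backslash. -->
    <dict>
      <key>begin</key>
      <string>(?&lt;!\\)```</string>
      <key>end</key>
      <string>(?&lt;!\\)```</string>
      <key>name</key>
      <string>comment.block.splunk_search</string>
    </dict>
    <!-- Comment macro: text from a backtick followed by comment( up to the first closing parenthesis followed by a backtick. -->
    <dict>
      <key>begin</key>
      <string>`comment\(</string>
      <key>end</key>
      <string>\)`</string>
      <key>name</key>
      <string>comment.block.splunk_search</string>
    </dict>
  </array>
  <key>scopeName</key>
  <string>source.splunk_search</string>
</dict>
</plist>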