Skip to main content
The getschema operator in APL returns the schema of a dataset, including field names and their data types. You can use it to inspect the structure of a dataset before performing queries or transformations. This operator is useful when exploring new datasets, verifying data consistency, or debugging queries.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, you can use the fieldsummary command to get schema-related information about a dataset. However, getschema in APL is more direct and focused specifically on returning field names and types without additional summary statistics.
| fieldsummary
In ANSI SQL, retrieving schema information is typically done using INFORMATION_SCHEMA queries. APL’s getschema operator provides a more straightforward way to get schema details without requiring system views.
SELECT COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'sample_http_logs';

Usage

Syntax

| getschema

Parameters

The getschema operator doesn’t take any parameters.

Returns

FieldTypeDescription
ColumnNamestringThe name of the field in the dataset.
ColumnOrdinalnumberThe index number of the field in the dataset.
ColumnTypestringThe data type of the field.
DataTypestringThe APL-internal name for the data type of the field.

Use case example

You can use getschema to explore the schema of your log data before running queries. Query 
['sample-http-logs'] | getschema
Run in Playground Output
ColumnNameDataTypeColumnOrdinalColumnType
_sysTimedatetime0datetime
_timedatetime1datetime
content_typestring2string
geo.citystring3string
geo.countrystring4string
idstring5string
This query helps you verify the available fields and their data types before further analysis.
  • project: Use project to select specific fields instead of retrieving the entire schema.
  • extend: Use extend to add new computed fields to your dataset after understanding the schema.
  • summarize: Use summarize for aggregations once you verify field types using getschema.
  • where: Use where to filter datasets based on field values after checking their schema.
  • order: Use order by to sort datasets after verifying schema details.