The getschema operator in APL returns the schema of the input, including field names and their data types. You can use it to inspect the structure of the input at any point in your query pipeline. This operator is useful when exploring data structures, verifying data consistency, or debugging queries.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

In Splunk SPL, you can use the fieldsummary command to get schema-related information about your data. However, getschema in APL is more direct and focused specifically on returning field names and types without additional summary statistics.

| fieldsummary

In ANSI SQL, retrieving schema information is typically done using INFORMATION_SCHEMA queries. APL’s getschema operator provides a more straightforward way to get schema details without requiring system views.

SELECT COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'sample_http_logs';

Usage

Syntax

| getschema

Parameters

The getschema operator doesn’t take any parameters.

Returns

Field          Type    Description
ColumnName     string  The name of the field in the input.
ColumnOrdinal  number  The index number of the field in the input.
ColumnType     string  The data type of the field.
DataType       string  The APL-internal name for the data type of the field.

Use case example

Query
['sample-http-logs'] | getschema

Output

ColumnName    DataType  ColumnOrdinal  ColumnType
_sysTime      datetime  0              datetime
_time         datetime  1              datetime
content_type  string    2              string
geo.city      string    3              string
geo.country   string    4              string
id            string    5              string

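
One way to apply getschema to the data-consistency check mentioned in the introduction, as an added Python example that is not part of the original documentation: it compares getschema result rows against a pinned baseline, so a field whose type changed, disappeared or newly appeared is caught before queries that depend on it silently stop matching. The baseline, the sample rows and the name schema_drift are assumptions; the rows are constructed, using the columns from the Returns table.

```python
# Added example: diff getschema rows against a pinned baseline.
# BASELINE and CURRENT_ROWS are constructed sample data, not real query output.

BASELINE = {  # expected ColumnName -> ColumnType (assumed, pinned by the operator)
    "_sysTime": "datetime",
    "_time": "datetime",
    "content_type": "string",
    "geo.city": "string",
    "geo.country": "string",
    "id": "string",
}

def row(name, ordinal, ctype):
    """Build one getschema-style row (hypothetical helper)."""
    return {"ColumnName": name, "ColumnOrdinal": ordinal,
            "ColumnType": ctype, "DataType": ctype}

# Constructed rows: 'id' changed type, 'geo.country' is gone, 'status' is new.
CURRENT_ROWS = [
    row("_sysTime", 0, "datetime"), row("_time", 1, "datetime"),
    row("content_type", 2, "string"), row("geo.city", 3, "string"),
    row("id", 4, "int"), row("status", 5, "string"),
]

def schema_drift(rows, baseline):
    """Return (kind, field, expected_type, actual_type) tuples for each difference."""
    seen, findings = {}, []
    for r in sorted(rows, key=lambda r: r["ColumnOrdinal"]):
        name, ctype = r["ColumnName"], r["ColumnType"]
        if name in seen:  # same field reported twice
            findings.append(("duplicate", name, seen[name], ctype))
            continue
        seen[name] = ctype
        if name not in baseline:
            findings.append(("added", name, None, ctype))
        elif baseline[name] != ctype:
            findings.append(("type_changed", name, baseline[name], ctype))
    for name, ctype in baseline.items():  # fields the baseline expects but input lacks
        if name not in seen:
            findings.append(("missing", name, ctype, None))
    return findings

if __name__ == "__main__":
    for finding in schema_drift(CURRENT_ROWS, BASELINE):
        print(finding)
```
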
  • project: Use project to select specific fields instead of retrieving the entire schema.
  • extend: Use extend to add new computed fields to your input after understanding the schema.
  • summarize: Use summarize for aggregations once you verify field types using getschema.
  • where: Use where to filter your input based on field values after checking their schema.
  • order: Use order by to sort your input after verifying schema details.