Our Tenzir Query Language (TQL) is a pipeline language that works
by chaining operators into data flows. When we designed TQL, we specifically
studied Splunk's Search Processing Language (SPL) , as it generally leaves
a positive impression for security analysts that are not data engineers. Our
goal was to take all the good things of SPL, but provide a more powerful
language without compromising simplicity. In this blog post, we explain how the
two languages differ using concrete threat hunting examples.
SPL TQL versus
