Solved: How to create a macro for the below scenario?

pavanae · ‎09-12-2016

I have a search as follows

earliest="08/01/2016:00:00:01" latest="08/01/2016:23:59:59" getABCsWin("XYZ","abc12345678")

Now how can I add the time format string as mentioned below for all the searches contains unique search string "getABCsWin"

timeformat="%d/%m/%Y:%H:%M:%S”

What condition and search string etc should I have to use for creating a macro?

pavanae · ‎09-15-2016

I reposted the question with complete details as below

https://answers.splunk.com/answers/451277/how-to-and-where-can-i-add-the-timeformat-string-t.html?ut...

View solution in original post

pavanae · ‎09-15-2016

I reposted the question with complete details as below

https://answers.splunk.com/answers/451277/how-to-and-where-can-i-add-the-timeformat-string-t.html?ut...

sundareshr · ‎09-13-2016

What would you like the macro to do? Can you share some examples?

pavanae · ‎09-13-2016

when any splunk search runs with the word "getABCsWin"(in any dashboard or alert etc etc). I want the string timeformat="%d/%m/%Y:%H:%M:%S” to be added to that search. So that i can get the output as i needed i.e; in the DD/MM/YYYY format.

How to create a macro for the below scenario?

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Admin Your Splunk Cloud, Your Way