Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I execute several functions with a single (perhaps custom) command?

kamryn
Explorer
‎05-23-2019 01:15 PM

Based on the statistical data we have to generate, we normally have to type out many functions like so:

search string |stats median(a) as "The Median" stdev(a) as "Standard Deviation" min(a) as "Minimum" max(a) as "Maximum" range(a) as "The Range"

Is it possible to define a function to combine multiple functions to be ran at once?

For example something like:

SuperStats(a)

Then have it automatically display in the chart the other functions such as median, standard deviation, minimum, maximum and range?

I understand there are custom searches that can be created but I am not a programmer, if there's any other native options to take advantage of to perform this, I would like to look at them before attempting to go down that route.

I hope the wording in my question makes sense. Please let me know if you have any questions and thank you for any advice you might have to share.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dmarling
Builder
‎05-23-2019 01:43 PM

you can create a search macro that has a variable passed into it. It would look like this when you set it up:
alt text

And when you execute a search it would look like this:

search string | `SuperStats(a)`

Here's a run anywhere example once you get it created:

index=_internal sourcetype="splunk_web_access"
| `SuperStats(bytes)`

Documentation is here: https://docs.splunk.com/Documentation/Splunk/7.2.6/Knowledge/Definesearchmacros

If this comment/answer was helpful, please up vote it. Thank you.

View solution in original post

Preview file
57 KB
Reply
Solved! Jump to solution
Solution

dmarling
Builder
‎05-23-2019 01:43 PM

you can create a search macro that has a variable passed into it. It would look like this when you set it up:
alt text

And when you execute a search it would look like this:

search string | `SuperStats(a)`

Here's a run anywhere example once you get it created:

index=_internal sourcetype="splunk_web_access"
| `SuperStats(bytes)`

Documentation is here: https://docs.splunk.com/Documentation/Splunk/7.2.6/Knowledge/Definesearchmacros

If this comment/answer was helpful, please up vote it. Thank you.
Preview file
57 KB
Reply
Solved! Jump to solution

kamryn
Explorer
‎05-23-2019 02:16 PM

This is exactly what I was looking for. Thank you so much.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...