Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I execute several functions with a single (perhaps custom) command?

kamryn
Explorer
‎05-23-2019 01:15 PM

Based on the statistical data we have to generate, we normally have to type out many functions like so:

search string |stats median(a) as "The Median" stdev(a) as "Standard Deviation" min(a) as "Minimum" max(a) as "Maximum" range(a) as "The Range"

Is it possible to define a function to combine multiple functions to be ran at once?

For example something like:

SuperStats(a)

Then have it automatically display in the chart the other functions such as median, standard deviation, minimum, maximum and range?

I understand there are custom searches that can be created but I am not a programmer, if there's any other native options to take advantage of to perform this, I would like to look at them before attempting to go down that route.

I hope the wording in my question makes sense. Please let me know if you have any questions and thank you for any advice you might have to share.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dmarling
Builder
‎05-23-2019 01:43 PM

you can create a search macro that has a variable passed into it. It would look like this when you set it up:
alt text

And when you execute a search it would look like this:

search string | `SuperStats(a)`

Here's a run anywhere example once you get it created:

index=_internal sourcetype="splunk_web_access"
| `SuperStats(bytes)`

Documentation is here: https://docs.splunk.com/Documentation/Splunk/7.2.6/Knowledge/Definesearchmacros

If this comment/answer was helpful, please up vote it. Thank you.

View solution in original post

Preview file
1 KB
Reply
Solved! Jump to solution
Solution

dmarling
Builder
‎05-23-2019 01:43 PM

you can create a search macro that has a variable passed into it. It would look like this when you set it up:
alt text

And when you execute a search it would look like this:

search string | `SuperStats(a)`

Here's a run anywhere example once you get it created:

index=_internal sourcetype="splunk_web_access"
| `SuperStats(bytes)`

Documentation is here: https://docs.splunk.com/Documentation/Splunk/7.2.6/Knowledge/Definesearchmacros

If this comment/answer was helpful, please up vote it. Thank you.
Preview file
1 KB
Reply
Solved! Jump to solution

kamryn
Explorer
‎05-23-2019 02:16 PM

This is exactly what I was looking for. Thank you so much.

0 Karma
Reply
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...