Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I execute several functions with a single (perhaps custom) command?

kamryn
Explorer
‎05-23-2019 01:15 PM

Based on the statistical data we have to generate, we normally have to type out many functions like so:

search string |stats median(a) as "The Median" stdev(a) as "Standard Deviation" min(a) as "Minimum" max(a) as "Maximum" range(a) as "The Range"

Is it possible to define a function to combine multiple functions to be ran at once?

For example something like:

SuperStats(a)

Then have it automatically display in the chart the other functions such as median, standard deviation, minimum, maximum and range?

I understand there are custom searches that can be created but I am not a programmer, if there's any other native options to take advantage of to perform this, I would like to look at them before attempting to go down that route.

I hope the wording in my question makes sense. Please let me know if you have any questions and thank you for any advice you might have to share.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

dmarling
Builder
‎05-23-2019 01:43 PM

you can create a search macro that has a variable passed into it. It would look like this when you set it up:
alt text

And when you execute a search it would look like this:

search string | `SuperStats(a)`

Here's a run anywhere example once you get it created:

index=_internal sourcetype="splunk_web_access"
| `SuperStats(bytes)`

Documentation is here: https://docs.splunk.com/Documentation/Splunk/7.2.6/Knowledge/Definesearchmacros

If this comment/answer was helpful, please up vote it. Thank you.

View solution in original post

Preview file
1 KB
Reply
Solved! Jump to solution
Solution

dmarling
Builder
‎05-23-2019 01:43 PM

you can create a search macro that has a variable passed into it. It would look like this when you set it up:
alt text

And when you execute a search it would look like this:

search string | `SuperStats(a)`

Here's a run anywhere example once you get it created:

index=_internal sourcetype="splunk_web_access"
| `SuperStats(bytes)`

Documentation is here: https://docs.splunk.com/Documentation/Splunk/7.2.6/Knowledge/Definesearchmacros

If this comment/answer was helpful, please up vote it. Thank you.
Preview file
1 KB
Reply
Solved! Jump to solution

kamryn
Explorer
‎05-23-2019 02:16 PM

This is exactly what I was looking for. Thank you so much.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...