Makeresult with hosts and date range

cboonyan · ‎05-08-2021

I am aiming to provide headers to my generated report. I have 3 hosts, host1 host2 and host3. My report is configured with -7d@d to -1d@d (past 7 days).

I would like to makeresults for the following output:

HOST DATE

host1 Date1

host1 Date2

host1 Date3

...

host1 Date7

host2 Date1

host2 Date2

...

host3 Date7

i have tried the following:

| makeresults

| eval HOST=“host1 host2 host3”

| makemv delims=“ “ HOST

| mvexpand HOST

and a combination of

| bucket _time span=1d

| stats count by HOST, _time

appreciate any insights into this, thanks!

tscroggins · ‎05-08-2021

@cboonyan

You're on the right track with makeresults. Here's one possible solution:

Makeresult with hosts and date range

stats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation

Makeresult with hosts and date range

stats

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!