Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Makeresult with hosts and date range

cboonyan
New Member
‎05-08-2021 07:31 AM

I am aiming to provide headers to my generated report. I have 3 hosts, host1 host2 and host3. My report is configured with -7d@d to -1d@d (past 7 days).

I would like to makeresults for the following output:

HOST   DATE

host1   Date1

host1   Date2

host1   Date3

...

host1   Date7

host2   Date1

host2   Date2

...

...

host3    Date7

i have tried the following:

| makeresults

| eval HOST=“host1 host2 host3”

| makemv delims=“ “ HOST

| mvexpand HOST

and a combination of 

| bucket _time span=1d

| stats count by HOST, _time

appreciate any insights into this, thanks!

Labels (1)
Labels
0 Karma
Reply

tscroggins
Influencer
‎05-08-2021 07:49 AM

@cboonyan 

You're on the right track with makeresults. Here's one possible solution:

| makeresults count=7
| streamstats count
| eval _time=relative_time(_time-86400*count, "@d")
| fields - count
| eval host="host1 host2 host3", host=split(host, " ")
| mvexpand host
| table host _time
| sort host _time
| rename host as HOST, _time as DATE
| fieldformat DATE=strftime(DATE, "%F")

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...