Splunk Search

how to insert a macro name as field value if the results on the search match to a macro?

pavanae
Builder

I have a query which displays some statistical results. Now I want to add a column macro_match which contains the matching macro.

like as shown below

macro_match
macro_1
macro_2

is it possible in splunk ?

I tried using the searchmatch and inserted the macro in it instead of the search string as shown below which doesn't worked.

| eval macro_match= case(searchmatch("`macro_1`"),"macro_1", searchmatch("`macro_2`"),"macro_2", true(), "None")
0 Karma
1 Solution

MuS
Legend

Hi pavanae,

If I understand it correctly then you don't match on the macro command

  `macroNameHere`

but just on the string of the name like:

  | eval macro_match= case(searchmatch("macro_1"),"macro_1", searchmatch("macro_2"),"macro_2", true(), "None")

If you intend to call and run a macro this way, I don't think that is possible out of the box ... but might be wrong on that for the latest version of Splunk ¯\_(ツ)_/¯

Hope this helps ...

cheers, MuS

View solution in original post

0 Karma

MuS
Legend

Hi pavanae,

If I understand it correctly then you don't match on the macro command

  `macroNameHere`

but just on the string of the name like:

  | eval macro_match= case(searchmatch("macro_1"),"macro_1", searchmatch("macro_2"),"macro_2", true(), "None")

If you intend to call and run a macro this way, I don't think that is possible out of the box ... but might be wrong on that for the latest version of Splunk ¯\_(ツ)_/¯

Hope this helps ...

cheers, MuS

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...