Solved: how to insert a macro name as field value if the r...

pavanae · ‎01-08-2020

I have a query which displays some statistical results. Now I want to add a column macro_match which contains the matching macro.

like as shown below

macro_match
macro_1
macro_2

is it possible in splunk ?

I tried using the searchmatch and inserted the macro in it instead of the search string as shown below which doesn't worked.

| eval macro_match= case(searchmatch("`macro_1`"),"macro_1", searchmatch("`macro_2`"),"macro_2", true(), "None")

MuS · ‎01-08-2020

Hi pavanae,

If I understand it correctly then you don't match on the macro command

  `macroNameHere`

but just on the string of the name like:

  | eval macro_match= case(searchmatch("macro_1"),"macro_1", searchmatch("macro_2"),"macro_2", true(), "None")

If you intend to call and run a macro this way, I don't think that is possible out of the box ... but might be wrong on that for the latest version of Splunk ¯\_(ツ)_/¯

Hope this helps ...

cheers, MuS

View solution in original post

MuS · ‎01-08-2020

Hi pavanae,

If I understand it correctly then you don't match on the macro command

  `macroNameHere`

but just on the string of the name like:

  | eval macro_match= case(searchmatch("macro_1"),"macro_1", searchmatch("macro_2"),"macro_2", true(), "None")

If you intend to call and run a macro this way, I don't think that is possible out of the box ... but might be wrong on that for the latest version of Splunk ¯\_(ツ)_/¯

Hope this helps ...

cheers, MuS

how to insert a macro name as field value if the results on the search match to a macro?

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

What’s New in Splunk Cloud Platform 9.1.2308?