Search
Find Answers
Ask questions. Get answers. Find technical product solutions from passionate members of the Splunk community.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Search
Search
Search the Community
7,792 results
Sort by:
07-01-2024
04:25 PM
...ppend [
| makeresults
| addinfo
| eval x=mvappend(info_min_time, info_max_time)
| mvexpand x
| rename x as _time
| eval _t=0
| table _time, _t
] This appended search appears very c...
Labels
- Labels:
-
subsearch
06-06-2021
12:41 AM
...R d.hash="bbbbbbbbbb" OR d.hash="ccccccccccc" CURRENT SEARCH -- not giving the expected result. index=hashstore
[| makeresults
| rename a.hash{} as hash
| eval a.hash="a...
05-24-2019
07:44 PM
I am making 5 tokens using below query :
<search>
<query>|makeresults |index=capaplan_wan_ibfs InOut="in"
| eval Device_Interface = orig_host . ":" . I...
Show results in replies (4)
-
...n a row. Please remove makeresults as follows : <query>index=capaplan_wan_ibfs InOut="i...
-
@surekhasplunk, you dont need makeresults and more over the search will throw an error. Try e...
-
@surekhasplunk, kindly use the formatting (code sample) for readability. What's the use of makeresults...
-
...ell. so using makeresults
11-10-2023
03:18 PM
Hi there: I have the following makeresults query: | makeresults count=3 | eval source="abc" | eval msg="consumed" | eval time_1="2023-11-09T21:33:05Z" | eval time_2="2023-11-09T21:40:0...
08-11-2022
07:37 AM
Hello!
I am trying to use makeresults + eval inside a sendalert parameters, but it doesn't return what i need. Follow the example:
index=client1 s...
Labels
- Labels:
-
eval
-
search job inspector
-
subsearch
04-02-2024
05:53 AM
07-09-2020
01:36 AM
Hello experts, I am trying to create a custom macro, from that it will returns a result depends on the argument I pass to it, like this: | makeresults | eval param=1 | eval result=case(p...
12-18-2017
10:23 AM
Hello,
I need to spoof some data and am using |makeresults for 3 hosts and their port status of "UP" (and eventually "DOWN")
| makeresults
| eval _raw = "host1%UP%UP%UP%#host2%UP%UP%UP%#h...
12-11-2019
04:46 PM
I executed the following SPL with makeresults, but the results only give me the fields for _time and _raw... i don't get parsed fields. Can this be solved?
|makeresults count=100|eval _raw="P...
Show results in replies (5)
-
Your SPL only creates two fields: _time (via makeresults ) and _raw. If you use | makeresults a...
-
@richgalloway I think there is a TYPO in command . It should be |makeresults annotate=true .
-
Try this: |makeresults count=100|eval _raw="Process Create: UtcTime: 2017-04-28 22:08:22.025 P...
-
|makeresults |eval _raw="Process Create: UtcTime: 2017-04-28 22:08:22.025 ProcessGuid: {a...
-
...0 records for testing. | makeresults count=10 | eval _raw="Process Create: UtcTime: 2017-04-28 2...
10-11-2022
05:05 AM
I wrote an external command in python and the only way I can get it to work is to put a | makeresults prior to it in the search. | makeresults | mycustomcommand | My command just pulls b...
