Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
6,000 results
Sorted by:
06-06-2021
12:41 AM
...R d.hash="bbbbbbbbbb" OR d.hash="ccccccccccc" CURRENT SEARCH -- not giving the expected result. index=hashstore
[| makeresults
| rename a.hash{} as hash
| eval a.hash="a...
05-24-2019
07:44 PM
I am making 5 tokens using below query :
<search>
<query>|makeresults |index=capaplan_wan_ibfs InOut="in"
| eval Device_Interface = orig_host . ":" . I...
Show results in replies (4)
-
...n a row. Please remove makeresults as follows : <query>index=capaplan_wan_ibfs InOut="i...
-
@surekhasplunk, you dont need makeresults and more over the search will throw an error. Try e...
-
@surekhasplunk, kindly use the formatting (code sample) for readability. What's the use of makeresults...
-
...ell. so using makeresults
07-09-2020
01:36 AM
Hello experts, I am trying to create a custom macro, from that it will returns a result depends on the argument I pass to it, like this: | makeresults | eval param=1 | eval result=case(p...
Labels
- Labels:
-
other
12-18-2017
10:23 AM
Hello,
I need to spoof some data and am using |makeresults for 3 hosts and their port status of "UP" (and eventually "DOWN")
| makeresults
| eval _raw = "host1%UP%UP%UP%#host2%UP%UP%UP%#h...
12-11-2019
04:46 PM
I executed the following SPL with makeresults, but the results only give me the fields for _time and _raw... i don't get parsed fields. Can this be solved?
|makeresults count=100|eval _raw="P...
Show results in replies (5)
-
@richgalloway I think there is a TYPO in command . It should be |makeresults annotate=true .
-
Your SPL only creates two fields: _time (via makeresults ) and _raw. If you use | makeresults a...
-
Try this: |makeresults count=100|eval _raw="Process Create: UtcTime: 2017-04-28 22:08:22.025 P...
-
|makeresults |eval _raw="Process Create: UtcTime: 2017-04-28 22:08:22.025 ProcessGuid: {a...
-
...0 records for testing. | makeresults count=10 | eval _raw="Process Create: UtcTime: 2017-04-28 2...
05-08-2021
07:31 AM
I am aiming to provide headers to my generated report. I have 3 hosts, host1 host2 and host3. My report is configured with -7d@d to -1d@d (past 7 days). I would like to makeresults for the f...
Labels
- Labels:
-
stats
02-12-2019
02:22 AM
1 Karma
If in case there are no results then dummy data should be added and returned from the subsearch ortherwise the actual data should be retruned to eval condition?
i.e How to make use of makeresults...
- Tags:
- commands
03-26-2020
05:34 AM
Hello,
One of the dashboards has a makeresults query like below, with about 250 append statements.
| makeresults| eval active="true"| makemv delim="," active| eval code="1234"| makemv d...
12-09-2021
10:18 PM
| makeresults | eval _raw = "user_name machine_name event_name logon_time user1 machine1 logon 12/9/2021 7:20 user1 machine1 logoff 12/9/2021 7:22 user1 machine1 logon 12/9/2021 8:20 user1 m...
- Tags:
- makeresults
07-11-2019
07:44 AM
For example I have this query:
index=en_amp_api
[ | makeresults
| eval time = relative_time(now(),"-h@w1")
| eval format = strftime(time, "%m/%d/%Y:%H:%M:%S")
| eval e...
- Tags:
- splunk-cloud
