Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
4,000 results
Sorted by:
05-24-2019
07:44 PM
I am making 5 tokens using below query :
<search>
<query>|makeresults |index=capaplan_wan_ibfs InOut="in"
| eval Device_Interface = orig_host . ":" . I...
Show results in replies (4)
-
...n a row. Please remove makeresults as follows : <query>index=capaplan_wan_ibfs InOut="i...
-
@surekhasplunk, you dont need makeresults and more over the search will throw an error. Try e...
-
@surekhasplunk, kindly use the formatting (code sample) for readability. What's the use of makeresults...
-
...ell. so using makeresults
07-09-2020
01:36 AM
Hello experts, I am trying to create a custom macro, from that it will returns a result depends on the argument I pass to it, like this: | makeresults | eval param=1 | eval result=case(p...
Labels
- Labels:
-
other
12-18-2017
10:23 AM
Hello,
I need to spoof some data and am using |makeresults for 3 hosts and their port status of "UP" (and eventually "DOWN")
| makeresults
| eval _raw = "host1%UP%UP%UP%#host2%UP%UP%UP%#h...
03-24-2020
11:54 AM
...pp:
| makeresults
| eval event_hash=123
| eval kommentar=abc
| eval wann = now()
| table event_hast kommentar wann
it works perfectly....
But if im going to Save this as a dashboard Panel a...
06-16-2018
03:29 AM
hi Team,
We have a requirement where we get results of more than 50000 when we run serach for last 24 hours. We need to set an alert in ITSI based on the count of result. Since by default the makeresults...
04-29-2020
07:28 AM
I have below query and it should gives result of time filter of last four hours (or) last 24 hours.
|makeresults |bucket _time span=1h|stats count by _time
But it giving only latest hour i...
Labels
- Labels:
-
configuration
Show results in replies (3)
-
makeresults by itself generates a single event with the current timestamp. Therefore, that e...
-
...ax =0" once I got proper Time slicing | makeresults | bin _time span=1h | fields _time | join max=0...
-
...oin max =0" once I got proper Time slicing | makeresults | bin _time span=1h | fields _time | join m...
07-10-2020
01:05 AM
Hello experts, I am using makeresults command to create a macro like below: | `get_indexes_by_args(1)` And the macro will return the string like below: index IN ("apps", "_apps") Now I want to p...
Labels
- Labels:
-
subsearch
12-12-2019
02:23 AM
1 Karma
Hello all,
I just cannot wrap my head around how splunk does looping.
Below is what I'm currently trying to do:
Percentage is calculated as (met / score) * 100.
In my "forecast" co...
Show results in replies (3)
-
...ncrement value for the score. I am taking it as one here. Please test and let us know. |makeresults...
-
...eed: | makeresults | eval _raw="score=5, met=3 missed=2,pct=60" | kv | rename COMMENT AS "Everything a...
-
...his: | makeresults | eval _raw="metORmissed missed missed met met met met met met met met met met m...
03-03-2020
04:57 AM
1 Karma
...yhost001 to myhost999
So we want to loop through all those servers and do a dnslookup
|makeresults
| eval src_host_001="myhost001"
...
| eval src_host_999="myhost999"
| foreach src_host_* [e...
