Usage of Splunk commands : MAKERESULTS

Usage of the Splunk command “makeresults” is as follows:

  • The makeresults command generates the specified number of search results in the result set (count=N; the default is 1).
  • If you don’t specify any arguments, it runs on the search head and generates one result containing only the _time field, set to the time the search ran.
  • It is a generating command, so it must be the first command in the search and must start with a pipe.
The basic form of the “makeresults” command in Splunk is:

| makeresults

Example 1:

| makeresults

Result:

(screenshot of the result, not reproduced here: a single row containing only the _time field)

Explanation:

In the above query we don’t specify any argument with the “makeresults” command, so it runs on the search head and returns a single result containing only the “_time” field, set to the time the search ran.

*************************************************************************************

Example 2:

| makeresults
| eval A=now()
| eval 'CurrentTime(NOW)'=strftime(A,"%c")
| eval 'Time(_time)'=strftime(_time,"%c")
| fields - A,_time

Result :

(screenshot of the result, not reproduced here: one row with the “CurrentTime(NOW)” and “Time(_time)” columns)

Explanation :

In the above query we have used the function “now” with the “eval” command. It returns the time at which the search was started, as epoch time, and we store it in the “A” field. Then, with the “strftime” function, we convert that epoch time to a human-readable format in the “CurrentTime(NOW)” field, and we do the same with the “_time” field, putting the result in the “Time(_time)” field. Field names that contain parentheses, like these two, must be enclosed in single quotes in the eval command. Finally, with the “fields” command we exclude the “A” and “_time” fields, so only the two formatted times remain. Since makeresults also sets “_time” to the current time, the two values will normally match to the second.
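As an added example (not part of the original post), the following search puts together the count argument described in the bullet list above and the eval/strftime handling of Example 2 in the way a detection engineer typically uses makeresults: to build a few synthetic events and test extraction and threshold logic against them without indexing anything. The sshd log lines, the IP addresses, the port numbers and the threshold of two failures are all constructed for illustration and are not taken from any real system.

```spl
| makeresults count=3
| streamstats count AS n
| eval _time=now() - n*3600
| eval src_ip=if(n<=2, "10.0.0.5", "192.168.1.20")
| eval port=40000+n
| eval _raw="sshd[1234]: Failed password for invalid user admin from ".src_ip." port ".port." ssh2"
| rex field=_raw "Failed password for (invalid user )?(?<user>\S+) from (?<src>\d+\.\d+\.\d+\.\d+) port (?<port>\d+)"
| stats count AS failures, values(user) AS users, min(_time) AS first_seen BY src
| eval first_seen=strftime(first_seen, "%c")
| where failures >= 2
```

Step by step: “makeresults count=3” produces three empty rows, each with only _time; “streamstats count AS n” numbers them 1 to 3; the first eval backdates each row by n hours so the rows no longer share one timestamp; the next three evals build a constructed sshd failure line in _raw, two of them from the same source address. The rex command then extracts user, src and port exactly as a production search would from real data, stats counts failures per source, strftime formats the earliest failure time, and the where clause keeps only sources with at least two failures. Running it should return a single row for src 10.0.0.5 with failures=2, users=admin and first_seen two hours before the search started; 192.168.1.20, with one failure, is filtered out. Swapping in a real log line for the constructed _raw string is a quick way to check that a detection’s regular expression and threshold behave as intended before it goes live.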

Now you can effectively utilize the “makeresults” command in your daily work to meet your requirements!

 Hope you are now comfortable with : Usage of Splunk commands : MAKERESULTS

 

 HAPPY SPLUNKING !!
