Spread our blog

Usage of Splunk commands  : MAKERESULTS

Usage of Splunk makeresluts command is given as follows

  • Makeresults command generates the specified number of the search results in the result set.
  • If you don’t specify any arguments with it then it runs in the local machine and generate one result with only the _time field.
  • This is a generating command that must start with a pipe.
Find below the skeleton of the usage of the command “makeresults” in SPLUNK :

| makeresults

Example 1:

| makeresults

Result:

mkExplanation:

In the above query, we don’t specify any argument with the Splunk makeresults command so it will run in the local machine and returns the “_time” field as a result.

*************************************************************************************

Example 2:

| makeresults
| eval A=now()
| eval CurrentTime(NOW)=strftime(A,"%c")
| eval Time(_time)=strftime(_time,"%c")
| fields - A,_time

Result :

mn

Explanation :

In the above query, we have used the function “now” with the “eval” command so it will take the present time of the local machine and will show the epochtime of the present time in the “A” field. Then by the “strftime” function, we have converted the epochtime of the present time to human-readable format in the “CurrentTime(NOW)” field as well we have done the same with the “_time” field and put the data in “Time(_time)” field. At last by the “fields” command we have excluded the “A” and “_time” field.

Now you can effectively utilize the splunk “makeresults”  command in your daily use to meet your requirement !!

 Hope you are now comfortable in Usage of Splunk commands: MAKERESULTS

 

 HAPPY SPLUNKING !!

What’s your Reaction?
+1
+1
+1
+1
+1
3
+1
1
+1

Spread our blog

LEAVE A REPLY

Please enter your comment!
Please enter your name here