zulooleaders.blogg.se

Splunk transaction time query





Generates the specified number of search results in temporary memory. If you do not specify any of the optional arguments, this command runs on the local machine and generates one result with only the _time field.

Optional arguments

count
Syntax: count=
Description: The number of results to generate. If you do not specify the annotate argument, the results have only the _time field.
Default: 1

annotate
Syntax: annotate=
Description: If annotate=true, generates results with the fields shown in the table below. If annotate=false, generates results with only the _time field.
Default: false

Fields generated with annotate=true
Field: Date and time that you run the makeresults command.
Field: The name of the server that the makeresults command is run on.
You can use these fields to compute aggregate statistics.

splunk-server
Syntax: splunk_server=
Description: Use to generate results on one specific server.

splunk-server-group
Syntax: (splunk_server_group=).
Description: Use to generate results on a specific server group or groups.

You can use the format and data arguments to convert CSV- or JSON-formatted data into Splunk events. If you specify these arguments, makeresults ignores other arguments such as count or annotate.

format
Syntax: csv | json
Description: Specifies the format of the inline data supplied by the data argument. If you provide a format argument, makeresults expects a corresponding data argument with inline data that fits the specified format.

data
Syntax: data=
Description: A collection of inline data that makeresults converts into events. If you provide a data argument, makeresults expects this data to follow the format specified by a corresponding format argument.

The makeresults command is a report-generating command. Generating commands use a leading pipe character and should be the first command in a search. The search results created by the makeresults command are created in temporary memory and are not saved to disk or indexed.






