


Not the scripts in MS Office often used to execute malicious code, but the little commands that can do big things in Splunk. There’s a good chance you’re already using macros – they’re built into a lot of apps found on Splunk Base and heavily used in the Monitoring Console, as we’ll see later. In part one, I want to provide a little primer on what a macro is and show some examples of using macros. In part two, I’ll demonstrate methods to create macros, and talk a little about context and sharing.

What are Splunk Macros?

A macro is a short command that can be used to replace part or all of a search string to make your SPL searches shorter and easier to understand. In Splunk terms, macros are Knowledge Objects. You can use macros to search multiple indexes without having to enter “index=a OR index=b OR index=r…” every time. Macros can also be a way to ensure consistency by defining the span used on timecharts.

Macros are more powerful than just being a substitute for part of the search. You can also define parameters on a macro, allowing you to call the macro and pass in other fields or values. This gives you the flexibility to, for instance, calculate current sales in different currencies by setting the exchange rate as a parameter that you enter when running the search. Or you can filter to different office locations in the BY field of a stats command.
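
A sketch of how the index-list macro and the exchange-rate macro described above could look in macros.conf. This is an added example, not taken from the original post; the macro names, the `sales` and `office` fields, the index list and the rate value are assumptions.

```ini
# macros.conf (constructed example; macro, index and field names are hypothetical)

# Fixed macro: one place to maintain the index list.
# Used in a search as:
#   `sales_indexes` sourcetype=orders
[sales_indexes]
definition = index=a OR index=b

# Macro with one argument; the (1) in the stanza name is the argument count.
# Used in a search as:
#   `sales_indexes` | `convert_sales(0.92)` | stats sum(sales_converted) BY office
[convert_sales(1)]
args = rate
definition = eval sales_converted = round(sales * $rate$, 2)
# Arguments are substituted into the search string as text, so reject
# anything that is not a number before the search runs.
validation = isnum($rate$)
errormsg = rate must be a number, for example 0.92
iseval = 0
```

Because the argument is pasted into the search as text, the `validation` expression is what keeps a mistyped or unexpected value from changing the search that actually runs.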
