O'Reilly logo

Implementing Splunk: Big Data Reporting and Development for Operational Intelligence by Vincent Bumgarner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Using macros to reuse logic

A macro serves the purpose of replacing bits of search language with expanded phrases. Using macros can help you reuse logic and greatly reduce the length of queries.

Let's use one of our examples from Chapter 5, Advanced Search Examples, as our example case:

sourcetype="impl_splunk_web" user=mary 
  | transaction maxpause=5m user
  | stats avg(duration) avg(eventcount)

Creating a simple macro

Let's take the last two lines of our query and convert them to a macro. First, navigate to Manager | Advanced search | Advanced search | Search macros and click on New.

Creating a simple macro

Walking through our fields, we have:

  • Destination app: This is where the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required