Splunk Snippets

Beginner

makeresults

makeresults can be used to run SPL queries without having to specify an index or lookup. This can be very helpful when testing out search logic or specifying simple data in a dashboard panel.

| makeresults
| eval hello = "world"
| table hello

Intermediate

Expert

Likeness Algorithms

More details can be found in my Splunk String Likeness post.

| makeresults
| eval domain1 = "mktbs.net"
| eval domain2 = "mkts.net"
| eval domain3 = "gmail.com"
| jellyfisher jaro_winkler(domain1,domain2)
| rename jaro_winkler AS jaro_winkler_1_and_2
| jellyfisher jaro_winkler(domain1,domain3)
| rename jaro_winkler AS jaro_winkler_1_and_3
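
To show what the two scores above represent, here is a textbook Jaro-Winkler implementation applied to the same three domains. This is an added example, not code from this page or from the jellyfisher app, and the app's exact values may differ with its implementation. The near_matches helper, the 0.9 threshold, and the choice of mkts.net as the known domain are assumptions made for illustration.

```python
def jaro(s1, s2):
    """Jaro similarity in [0, 1]."""
    if s1 == s2:
        return 1.0
    if not s1 or not s2:
        return 0.0
    # Characters match only if equal and within this distance of each other.
    window = max(max(len(s1), len(s2)) // 2 - 1, 0)
    used1, used2 = [False] * len(s1), [False] * len(s2)
    matches = 0
    for i, ch in enumerate(s1):
        for j in range(max(0, i - window), min(len(s2), i + window + 1)):
            if not used2[j] and s2[j] == ch:
                used1[i] = used2[j] = True
                matches += 1
                break
    if matches == 0:
        return 0.0
    # Count matched characters that appear in a different order.
    a = [c for c, u in zip(s1, used1) if u]
    b = [c for c, u in zip(s2, used2) if u]
    transpositions = sum(x != y for x, y in zip(a, b)) // 2
    return (matches / len(s1) + matches / len(s2)
            + (matches - transpositions) / matches) / 3


def jaro_winkler(s1, s2, scaling=0.1):
    """Jaro score boosted for a shared prefix of up to 4 characters."""
    score = jaro(s1, s2)
    prefix = 0
    for x, y in zip(s1[:4], s2[:4]):
        if x != y:
            break
        prefix += 1
    return score + prefix * scaling * (1 - score)


def near_matches(observed, known, threshold=0.9):
    """Return (observed, known, score) for close but non-identical pairs.
    The 0.9 threshold is an assumed starting point, not a tuned value."""
    hits = []
    for o in observed:
        for k in known:
            score = round(jaro_winkler(o, k), 4)
            if o != k and score >= threshold:
                hits.append((o, k, score))
    return hits


# Constructed sample: the three domains from the search above.
if __name__ == "__main__":
    print(near_matches(["mktbs.net", "gmail.com", "mkts.net"], ["mkts.net"]))
```

A one-character insertion keeps the score close to 1, while an unrelated domain lands near 0.5, which is why a threshold on this score can surface lookalike domains without flagging exact matches.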