Skip to main content
Lantern Home
 
 
Splunk Lantern

Using the makeresults command

  1. Last updated
  2. Save as PDF

 

When learning a new command, you might need some pretend search results to work with. This can help you to create dashboards, prototypes, perform testing, or perform any other task that requires search results.

Solution

This video shows you how to effectively use the makeresults command to generate a specified number of search results in temporary memory. You'll learn:

  • How to return a single result or more than one result
  • How to use the annotate argument to generate values for the _raw, _time, host, source, and sourcetype fields, as well as the Splunk server
  • How to use the format argument to return results in CSV or JSON format
  • How to create a host and location field to use with subsequent commands
  • How to use supporting commands like streamstats and eval that are often paired with makeresults for even further customization

Next steps

This article has been brought to you by Splunk Education. We’ve learned that the strongest superheroes up-skill with Splunk Education. That’s why we are making Splunk training easier and more accessible than ever with more than 20 self-paced, free eLearning courses. You can start with foundational courses like Intro to Splunk or dive into more advanced courses like Search Under the HoodResult Modification, and many more. Enroll today so you have the skills to detect the good, the bad, and the unproductive.

In addition, these resources might help you understand and implement this guidance:

  • Splunk Docs: Makeresults

  • Splunk OnDemand Services: Use these credit-based services for direct access to Splunk technical consultants with a variety of technical services from a pre-defined catalog. Most customers have OnDemand Services per their license support plan. Engage the ODS team at ondemand@splunk.com if you require assistance.