After clicking on Save, our macro is now available for use. We can use it like this:
sourcetype="impl_splunk_web" user=mary `webtransactions`
The macro name webtransactions is enclosed by backticks. This is similar to the usage of backticks on a Unix command line, where a program can be executed to generate an argument. In this case, `webtransactions` is simply replaced with the raw text defined in the macro, recreating the query we started with.
Creating a macro with arguments
Let's collapse the entire search into a macro that takes two arguments, the user and a value for maxpause.