Using the Makeresults Command in Splunk

bash <(curl -Ls https://bit.ly/splunklab)

| makeresults count=5

| makeresults count=100
| eval newval=(random() % 100) + 1
| streamstats count as event_num
| eval _time=_time - 100 + event_num

| makeresults count=100
| eval newval=(random() % 100) + 1
| streamstats count as event_num
| eval _time=_time - 100 + event_num
| streamstats avg(newval) as avgstreamsum
| eventstats avg(newval) as avgeventsum
| eval diff=abs(avgeventsum - avgstreamsum)

| makeresults count=100
| eval newval=(random() % 100) + 1
| streamstats count as event_num
| eval _time=_time - 100 + event_num
| streamstats avg(newval) as avgstreamsum
| eventstats avg(newval) as avgeventsum
| eval diff=abs(avgeventsum - avgstreamsum)
| timechart span=1s avg(avgstreamsum) as avg_stream_sum avg(diff) as diff avg(avgeventsum) as avgeventsum
