Splunk - using search macros
Hello again everyone! In today's post I demonstrate what search macros are and how to create them to make searching easier. In today's example I reuse some old blog data from a previous post.
So imagine we have a number of log records from a log we are monitoring and we want to count them by the extracted host name, like this:
As you can see in this example there are 15 records but only 5 of them have an extracted_Host field. The problem is that counting by extracted_Host only includes the events that actually have that field, so the events without it are silently dropped and the total comes out as 5 rather than 15.
So if I want every record to be included in the total, I first need to give the missing field a placeholder with fillnull, like this:
But typing out the whole fillnull line every time is repetitive, so we can simplify it by creating a search macro. Go to Settings -> Advanced search -> Search macros and select New Search Macro. Fill in the name, the definition and the argument names for your macro (a new macro is private to you by default, so set its Permissions to share it at the app or global level if others should be able to use it). For this example here is the macro I created:
Now we can go back to the search, replace the fillnull line with "`fillnull(None, extracted_Host)`" (the surrounding backticks are what tell Splunk to expand a macro), and search again; you should get the same results.
Now you don't have to type the "fillnull value=None extracted_Host" line; you can replace it as above, AND the macro is reusable. If you need to do the same thing for another field, for example "User", since a user may not exist for every record, you can simply use "`fillnull(None, User)`".
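Because the screenshots of the macro form and the searches are not reproduced above, here is the same macro and the before/after searches written out as Splunk configuration stanzas. This is an added example, not the post's own screenshots. The macro name `fillnull`, the field names `extracted_Host` and `User` and the placeholder value `None` come from the post; the index name `web`, the sourcetype `blog_access` and the saved-search names are assumptions for illustration. The Name, Arguments and Definition boxes in the New Search Macro form correspond to the stanza header and the `args` and `definition` keys in macros.conf:

```conf
# macros.conf (the same thing the Settings -> Advanced search -> Search macros form writes)
# The stanza name is the macro name followed by the number of arguments it takes.
[fillnull(2)]
# Argument names, comma separated; each is referenced as $name$ in the definition.
args = value,field
# Plain text substitution, not an eval expression.
iseval = 0
definition = fillnull value=$value$ $field$

# savedsearches.conf: the counting search, before and after the macro.
# index=web and sourcetype=blog_access are assumed for this example.
[Count by host - without fillnull]
search = index=web sourcetype=blog_access | stats count by extracted_Host

[Count by host - with fillnull macro]
search = index=web sourcetype=blog_access | `fillnull(None, extracted_Host)` | stats count by extracted_Host

# The same macro reused for a different field that is not present on every event.
[Count by user - with fillnull macro]
search = index=web sourcetype=blog_access | `fillnull(None, User)` | stats count by User
```

Splunk expands the macro textually before the search runs, so `` `fillnull(None, extracted_Host)` `` becomes exactly `fillnull value=None extracted_Host`; arguments are matched by position, and a value containing spaces has to be quoted when you pass it. Two things worth keeping in mind: the number in the stanza header must match the number of arguments you call it with (a `fillnull(2)` macro cannot be invoked with one argument), and `None` here is an ordinary string, so the events that had no host show up as their own "None" row in the results rather than being restored to a true null, which is exactly what makes the total honest.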
Hope this helps you make searching simpler for your clients and yourself. Macros can come in really handy in many circumstances. Have a great week!