makeresults

It's a pretty popular search command and it is used in all sorts of situations. Below are some really cool searches that use makeresults along with other search commands.

Create a Normal Curve

| makeresults count=50000
| eval r = random() / (pow(2,31)-1)
| eval r2 = random() / (pow(2,31)-1)
| eval normal = sqrt(-2 * ln(r)) * cos(2 * pi() * r2)
| bin normal span=0.1
| stats count by normal
| makecontinuous normal

purpose:

requirements:

comments:

Props to Alexander (Xander) Johnson

How many days in this month?

 | makeresults 
 | eval days_in_month=mvindex(split(if(tonumber(strftime(_time,"%y"))%4=0,"31,29,31,30,31,30,31,31,30,31,30,31","31,28,31,30,31,30,31,31,30,31,30,31"),","),tonumber(strftime(_time,"%m"))-1)

purpose:

Given _time how many days are in this month, 31? 30? 28? 29? This eval statement uses a lookup held in a multi-value array to pull out the value in a computationally efficient manor.

requirements:

comments:

The eval expression is the solution, and the example only uses makeresults to fake create sample data

calculate duration without week end

| makeresults count=5 
| eval aging=random()%25 
| eval end=_time 
| eval start=end-(aging*86400) 
| eval range=mvrange(start, end, 86400) 
| convert ctime(range) timeformat="%+" 
| eval BusinessDays=mvcount(mvfilter(NOT match(range,"(Sun|Sat).*")))

purpose:

calculate a duration excluding week end days

requirements:

comments:

if you have a start and end time : calculate the duration in business days, excluding week end. using mvrange.