All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cacti Mirage Add-On for Cluster

aecruzp
Path Finder
‎01-05-2018 06:39 AM

regards

    We are currently trying to install this app in a cluster environment, but the following error is appearing.

[splunk-indexer-01-cnt] Streamed search execute failed because: Error in 'SearchParser': The search specifies a macro 'cacti_index' that can not be found. Reasons include: the macro name is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information.

   Tests have been made and installed this app in standalone only creating the index = cacti and we have no problems.

   Is there any recommendation in this regard? you only have to bundle the app in the master and deployer? must we change the file permissions? ...

   I'll be attentive to the comments

regards

0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎01-05-2018 10:20 AM

I would imagine that the macro doesn't exist on the indexers, or the permissions on the macro might be wrong?

Was the the app pushed to the indexer cluster?

When you are running your search, which app are you in?? Check if the macro permissions are global:

alt text

Its appears global in my instance.

the macro is technically not mandatory for your searches either, was just bet practice to allow the users to change it, so you could technically just not use it as well.

hit me up on slack if you are in the chat (splk.it/slack to sign up), I'm @mattymo

- MattyMo
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

The Splunk Community Dashboard Challenge is still happening, and it's not too late to enter for the week of ...

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...