Developing for Splunk Enterprise

Aliased Search Command Results In "Unknown Search Command 'my'"



I have the following in my searchbnf.conf file but thus far I get an error when trying to use the alias:

syntax = mycommand field=<field> db="<database>,<database>"
simplesyntax = mycommand field=<field> db=<database>
alias = my
shortdesc = Short Description
description = Description
comment1 = Description1
example1 = * | mycommand field=ex_field db=ex_db
comment2 = Description2
example2 = * | mycommand field=ex_field db="ex_db1,ex_db2"
category = fields::add
appears-in = 6.2.3
maintainer = Kevin Kirsche
usage = public
related = stats
tags = tags

Any reason that when trying to use the alias I get the following:

* | my field=ex_field db=ex_db

Unknown search command 'my'.

Any idea why this could / would not work?

0 Karma

Re: Aliased Search Command Results In "Unknown Search Command 'my'"


The alias defined in searchbnf.conf only matters for the in-line help displayed under the search bar - it doesn't actually influence commands.conf. I don't see an example in default Splunk, but I guess you'd have to define your command twice there since there seems to be no alias mechanism in commands.conf 😞

0 Karma