The instructions say to put the file in, splunk_home/etc/searchscripts, which doesn't exist in my 4.2.2 installation. I found splunk_home/etc/search/scripts, though that does work either. I have also tried creating the folder. Each time I restarted the service, just in case. Will someone please supply the basics on what is needed to get the search script to work?
brettski, did you get this script working? Im at a halt trying to figure how to get it to work. I've tried all links suggested in this post but Splunk is not recognizing this app.
Once you go through it...just let me know sdaniels@splunk.com. I'll be happy to get the docs changed to make sure they are in sync. Apologies for any confusion there.
I will give you credit for your answer but the Splunk documentatio is not very clear an conflicts with comments in the applications files. I think I will leave well enough alone for now. This should not be this difficult.
Strange, I just retried both links with no issues. Yes, it is a custom search command. Based on the link you supplied, I need to create an application to run the custom search command under? Or can the app be 'Search'?
