Solved: macro with localop?

vbumgarner · ‎05-03-2011

Is there any way to start a macro with a generator command? I get the error "The command must be the first command of a search."

hazekamp · ‎05-03-2011

Vincent,

You can have macros that make use of generating commands, but the error is likely correct in that certain search commands (i.e. metadata) must be the first command of a search.

## macros.conf
[metadata]
definition = metadata type=hosts index=*
iseval = 0

## search
| `metadata`

View solution in original post

hazekamp · ‎05-03-2011

Vincent,

You can have macros that make use of generating commands, but the error is likely correct in that certain search commands (i.e. metadata) must be the first command of a search.

## macros.conf
[metadata]
definition = metadata type=hosts index=*
iseval = 0

## search
| `metadata`

gkanapathy · ‎05-03-2011

It is lame. Can you do it if you make it into an iseval=1 definition returning a string?

vbumgarner · ‎05-03-2011

We figured that out, but it's kinda lame. It'd be nice to have the pipe in the definition.

macro with localop?

What You Read The Most: Splunk Lantern’s Most Popular Articles!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?

Are you a member of the Splunk Community?

macro with localop?

What You Read The Most: Splunk Lantern’s Most Popular Articles!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Index This | What goes away as soon as you talk about it?