Solved: macro with localop?

vbumgarner · ‎05-03-2011

Is there any way to start a macro with a generator command? I get the error "The command must be the first command of a search."

hazekamp · ‎05-03-2011

Vincent,

You can have macros that make use of generating commands, but the error is likely correct in that certain search commands (i.e. metadata) must be the first command of a search.

## macros.conf
[metadata]
definition = metadata type=hosts index=*
iseval = 0

## search
| `metadata`

View solution in original post

hazekamp · ‎05-03-2011

Vincent,

You can have macros that make use of generating commands, but the error is likely correct in that certain search commands (i.e. metadata) must be the first command of a search.

## macros.conf
[metadata]
definition = metadata type=hosts index=*
iseval = 0

## search
| `metadata`

gkanapathy · ‎05-03-2011

It is lame. Can you do it if you make it into an iseval=1 definition returning a string?

vbumgarner · ‎05-03-2011

We figured that out, but it's kinda lame. It'd be nice to have the pipe in the definition.

macro with localop?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Are you a member of the Splunk Community?

macro with localop?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25