Solved: macro with localop?

vbumgarner · ‎05-03-2011

Is there any way to start a macro with a generator command? I get the error "The command must be the first command of a search."

hazekamp · ‎05-03-2011

Vincent,

You can have macros that make use of generating commands, but the error is likely correct in that certain search commands (i.e. metadata) must be the first command of a search.

## macros.conf
[metadata]
definition = metadata type=hosts index=*
iseval = 0

## search
| `metadata`

View solution in original post

hazekamp · ‎05-03-2011

Vincent,

You can have macros that make use of generating commands, but the error is likely correct in that certain search commands (i.e. metadata) must be the first command of a search.

## macros.conf
[metadata]
definition = metadata type=hosts index=*
iseval = 0

## search
| `metadata`

gkanapathy · ‎05-03-2011

It is lame. Can you do it if you make it into an iseval=1 definition returning a string?

vbumgarner · ‎05-03-2011

We figured that out, but it's kinda lame. It'd be nice to have the pipe in the definition.

macro with localop?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

macro with localop?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases