Solved: macro with localop?

vbumgarner · ‎05-03-2011

Is there any way to start a macro with a generator command? I get the error "The command must be the first command of a search."

hazekamp · ‎05-03-2011

Vincent,

You can have macros that make use of generating commands, but the error is likely correct in that certain search commands (i.e. metadata) must be the first command of a search.

## macros.conf
[metadata]
definition = metadata type=hosts index=*
iseval = 0

## search
| `metadata`

View solution in original post

hazekamp · ‎05-03-2011

Vincent,

You can have macros that make use of generating commands, but the error is likely correct in that certain search commands (i.e. metadata) must be the first command of a search.

## macros.conf
[metadata]
definition = metadata type=hosts index=*
iseval = 0

## search
| `metadata`

gkanapathy · ‎05-03-2011

It is lame. Can you do it if you make it into an iseval=1 definition returning a string?

vbumgarner · ‎05-03-2011

We figured that out, but it's kinda lame. It'd be nice to have the pipe in the definition.

macro with localop?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

macro with localop?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits