Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

splunkd.log error tracking

jarjoh42
Path Finder
‎06-10-2013 06:23 AM

I have this error continually coming up in my splunkd.log and I cannot figure out where I need to put in the conf-change stanza. Is there a way to get a file or app location from this error?

05-23-2013 23:40:04.486 -0400 ERROR SearchParser - Could not find macro 'conf-change' that takes 0 arguments. Expecting stanza name 'conf-change'.

0 Karma
Reply

krugger
Communicator
‎06-11-2013 03:37 AM

This should locate the conf-change
grep -R conf-change etc/*

0 Karma
Reply

aholzer
Motivator
‎06-10-2013 08:56 AM

This means that you have a search that is trying to run with a "conf-change" macro, but it's not finding it. The simplest way of figuring out what is going on is to identify what app the "conf-change" macro is defined vs what app the search that is using it is defined (a couple of simple text searches through your *.conf files should get you both answers).

Once you have identified these things you can ensure that the macro's permissions allow it's usage from outside the app it's in, or clone the macro to the app that the search is in.

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Community Content Calendar, November Edition

Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...