Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

splunkd.log error tracking

jarjoh42
Path Finder
‎06-10-2013 06:23 AM

I have this error continually coming up in my splunkd.log and I cannot figure out where I need to put in the conf-change stanza. Is there a way to get a file or app location from this error?

05-23-2013 23:40:04.486 -0400 ERROR SearchParser - Could not find macro 'conf-change' that takes 0 arguments. Expecting stanza name 'conf-change'.

0 Karma
Reply

krugger
Communicator
‎06-11-2013 03:37 AM

This should locate the conf-change
grep -R conf-change etc/*

0 Karma
Reply

aholzer
Motivator
‎06-10-2013 08:56 AM

This means that you have a search that is trying to run with a "conf-change" macro, but it's not finding it. The simplest way of figuring out what is going on is to identify what app the "conf-change" macro is defined vs what app the search that is using it is defined (a couple of simple text searches through your *.conf files should get you both answers).

Once you have identified these things you can ensure that the macro's permissions allow it's usage from outside the app it's in, or clone the macro to the app that the search is in.

Hope this helps.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...