Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

splunkd.log error tracking

jarjoh42
Path Finder
‎06-10-2013 06:23 AM

I have this error continually coming up in my splunkd.log and I cannot figure out where I need to put in the conf-change stanza. Is there a way to get a file or app location from this error?

05-23-2013 23:40:04.486 -0400 ERROR SearchParser - Could not find macro 'conf-change' that takes 0 arguments. Expecting stanza name 'conf-change'.

0 Karma
Reply

krugger
Communicator
‎06-11-2013 03:37 AM

This should locate the conf-change
grep -R conf-change etc/*

0 Karma
Reply

aholzer
Motivator
‎06-10-2013 08:56 AM

This means that you have a search that is trying to run with a "conf-change" macro, but it's not finding it. The simplest way of figuring out what is going on is to identify what app the "conf-change" macro is defined vs what app the search that is using it is defined (a couple of simple text searches through your *.conf files should get you both answers).

Once you have identified these things you can ensure that the macro's permissions allow it's usage from outside the app it's in, or clone the macro to the app that the search is in.

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...