Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

splunkd.log error tracking

jarjoh42
Path Finder
‎06-10-2013 06:23 AM

I have this error continually coming up in my splunkd.log and I cannot figure out where I need to put in the conf-change stanza. Is there a way to get a file or app location from this error?

05-23-2013 23:40:04.486 -0400 ERROR SearchParser - Could not find macro 'conf-change' that takes 0 arguments. Expecting stanza name 'conf-change'.

0 Karma
Reply

krugger
Communicator
‎06-11-2013 03:37 AM

This should locate the conf-change
grep -R conf-change etc/*

0 Karma
Reply

aholzer
Motivator
‎06-10-2013 08:56 AM

This means that you have a search that is trying to run with a "conf-change" macro, but it's not finding it. The simplest way of figuring out what is going on is to identify what app the "conf-change" macro is defined vs what app the search that is using it is defined (a couple of simple text searches through your *.conf files should get you both answers).

Once you have identified these things you can ensure that the macro's permissions allow it's usage from outside the app it's in, or clone the macro to the app that the search is in.

Hope this helps.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...