How to make a custom command shared between all Apps?

splunker1981
Path Finder

Hi fellow Splunkers,

I'm wondering if someone can tell me how to share a custom command stored within a custom App globally? We have a custom script that takes input, processes it and returns data. I've tried a few things in order to make the command shared globally since we need to run this command within various apps. I get the following error regardless of what we add to the commands or meta files: "Search Factory: Unknown search command scriptNameHere" (restarted the service after every change). The App permissions are set to global, which I thought would make the command work within any other app, but that doesn't seem to be the case.

Here is what I tried adding to my default.meta. Within my commands.conf file I have 4 custom scripts; I'd like to either make them all global or define the specific command we need to work in all other apps.

[commands]
access = read : [ * ], write : [ admin ]
export = system

Any help would be greatly appreciated.

0 Karma

Maurice_Moss
Engager

This may be an answer 6 years later (almost to the date), but thought I'd post for future visitors. I was searching this today and found some info in Splunk dev docs:

Splunk Dev - Manage access to a custom search command in Splunk Cloud Platform or Splunk Enterprise 

Not sure if .meta allows all commands to be controlled via the stanza like in the original question, but each command can be added using the following:

[commands/command_name]
access = read : [ * ], write : [ admin ]
export = system

Seems like it requires a stanza per command and doesn't allow mass command sharing.  The comment from MuS seems to be the other option for mass sharing, but exports all objects in the app.

0 Karma

MuS
Legend

Hi splunker1981,

If I create a custom command in a TA, I add this to the metadata/default.meta

[]
access = read : [ * ], write : [ admin ]
export = system

and it has worked every time so far.

Hope this helps ...

cheers, MuS
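
The two approaches in this thread (one `[commands/command_name]` stanza per command, or the blanket `[]` stanza that exports every object in the app) can be checked before deployment. The following is an added example, not code from the thread or from Splunk: it reads an app's commands.conf and metadata/default.meta and reports, for each command, which stanza sets `export` and whether the command ends up global. The file contents and command names are constructed, and it assumes the most specific stanza that sets `export` decides.

```python
import re

# Constructed sample files; the command and script names are hypothetical.
COMMANDS_CONF = """\
[lookupasset]
filename = lookupasset.py

[enrichip]
filename = enrichip.py
"""

DEFAULT_META = """\
[commands/lookupasset]
access = read : [ * ], write : [ admin ]
export = system
"""

BLANKET_META = """\
[]
access = read : [ * ], write : [ admin ]
export = system
"""

def parse_conf(text):
    """Parse Splunk .conf/.meta text into {stanza: {key: value}}; '[]' becomes ''."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def export_report(commands_conf, default_meta):
    """Map each command to (stanza that sets export, True if export = system).

    Assumption: the most specific stanza that sets 'export' decides.
    """
    meta = parse_conf(default_meta)
    report = {}
    for command in parse_conf(commands_conf):
        for stanza in (f"commands/{command}", "commands", ""):
            if "export" in meta.get(stanza, {}):
                report[command] = (f"[{stanza}]", meta[stanza]["export"] == "system")
                break
        else:
            report[command] = (None, False)  # nothing exports this command
    return report
```

A command reported with `[]` as its source is global only because the whole app is exported, so every other knowledge object in that app is shared as well.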
