Aliased Search Command Results In "Unknown Search ...

kkirsche · ‎07-21-2015

Hey,

I have the following in my searchbnf.conf file but thus far I get an error when trying to use the alias:

[mycommand-command]
syntax = mycommand field=<field> db="<database>,<database>"
simplesyntax = mycommand field=<field> db=<database>
alias = my
shortdesc = Short Description
description = Description
comment1 = Description1
example1 = * | mycommand field=ex_field db=ex_db
comment2 = Description2
example2 = * | mycommand field=ex_field db="ex_db1,ex_db2"
category = fields::add
appears-in = 6.2.3
maintainer = Kevin Kirsche
usage = public
related = stats
tags = tags

Any reason that when trying to use the alias I get the following:

Command:
* | my field=ex_field db=ex_db

Unknown search command 'my'.

Any idea why this could / would not work?

martin_mueller · ‎07-21-2015

The alias defined in searchbnf.conf only matters for the in-line help displayed under the search bar - it doesn't actually influence commands.conf. I don't see an example in default Splunk, but I guess you'd have to define your command twice there since there seems to be no alias mechanism in commands.conf 😞

Aliased Search Command Results In "Unknown Search Command 'my'"

Archived Metrics Now Available for APAC and EMEA realms

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!