Aliased Search Command Results In "Unknown Search ...

kkirsche · ‎07-21-2015

Hey,

I have the following in my searchbnf.conf file but thus far I get an error when trying to use the alias:

[mycommand-command]
syntax = mycommand field=<field> db="<database>,<database>"
simplesyntax = mycommand field=<field> db=<database>
alias = my
shortdesc = Short Description
description = Description
comment1 = Description1
example1 = * | mycommand field=ex_field db=ex_db
comment2 = Description2
example2 = * | mycommand field=ex_field db="ex_db1,ex_db2"
category = fields::add
appears-in = 6.2.3
maintainer = Kevin Kirsche
usage = public
related = stats
tags = tags

Any reason that when trying to use the alias I get the following:

Command:
* | my field=ex_field db=ex_db

Unknown search command 'my'.

Any idea why this could / would not work?

martin_mueller · ‎07-21-2015

The alias defined in searchbnf.conf only matters for the in-line help displayed under the search bar - it doesn't actually influence commands.conf. I don't see an example in default Splunk, but I guess you'd have to define your command twice there since there seems to be no alias mechanism in commands.conf 😞

Aliased Search Command Results In "Unknown Search Command 'my'"

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation