Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a way to find out the location of a given macro in a search head clustering environment?

Thuan
Explorer
‎01-07-2016 03:07 PM

I am new to a search head clustering environment. I found macros being used and I am trying to find out where these macros were created. I read the link http://docs.splunk.com/Documentation/ES/3.3.0/Install/Macros which has a lot of useful information on ES defined macros. Is there a way to quickly find out the location of a given macro, e.g., 

| `host_eventcount(30,72)`

using grep at the CLI, or search? This helps me to understand what canned searches do.

Thank you.

0 Karma
Reply

Thuan
Explorer
‎01-08-2016 09:12 AM

I will try the btool option as this is the answer I am looking for. It provides a unique way to look for macros. The other GUI option is too clumsy as you need to know what apps the macro was created for.

Thank you.

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-07-2016 04:42 PM

One way to look up information about a given macro, is to use btool:

./splunk btool macros list host_eventcount --debug

Have you tried just looking for it in Settings > Advanced Search > Macros and looking across all owners / apps ?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...