Solved: Macro Argument not applying

ebs · ‎05-23-2021

Hi.

I've created the following macro: sessionCount(1)

With this definition:

datamodel Test summariesonly=true search | search "TEST.date"=$date$ | stats count(exchangeId)

But when I enter this search: | `sessionCount(2021-05-18)` it doesn't work

But this search does: | datamodel Test summariesonly=true search | search "TEST.date"=2021-05-18 | stats count(exchangeId)

What am I doing wrong?

aasabatini · ‎05-23-2021

Hi @ebs

check if the macro is public or private, also check all the permissions

Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

View solution in original post

aasabatini · ‎05-23-2021

Hi @ebs

check if the macro is public or private, also check all the permissions

Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

ebs · ‎05-25-2021

It seems it was a permissions issue, just took a while to propagate. Thank you!

ebs · ‎05-24-2021

I fixed the permissions, but its still not working

aasabatini · ‎05-24-2021

Hi @ebs

Can you click on the searchand digit this sequence to expand the macro?

crtl+shift+e

New in 6.6, there is now a keystroke to expand macros in the search window! Click inside your search and press cmd-shift-E (on Mac, should be shift-WIN-E on Windows) and you'll see a window like this:

and please share the screen

Regards

Alessandro

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

Macro Argument not applying

count

stats

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services