Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Which commands.conf should I add my custom search command to?

tristanmatthews
Path Finder
‎12-01-2013 04:51 PM

Hi,

Last week I defined a custom search command, and after reading the documentation I decided that I should reference it in:

$SPLUNK_HOME/etc/app/<app_name>/local

where my <app_name> is search because its a search command. So I created

$SPLUNK_HOME/etc/app/<app_name>/local/commands.conf

and put in a single santza for my command. Saved it, restarted splunk and tested it. After debugging worked great, so did all the normal search commands. Over the thanksgiving weekend my splunk started crashing. I think it unrelated and has todo with some security changes we made to the server, but wanted to double check that I didn't my "guess" about where to put it isn't destroying things. (btw its are still crashing once it remove the new commands.conf and restart so I'm fairly sure its not the problem).

-Tristan

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sbrant_splunk
Splunk Employee
Splunk Employee
‎12-01-2013 05:14 PM

If you want it in the context of your app, then you've put it in the correct spot.

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Configurationfiledirectories

One correction though, the path in your question should contain "apps", not "app":

$SPLUNK_HOME/etc/apps/<app_name>/local/commands.conf

View solution in original post

Reply
Solved! Jump to solution
Solution

sbrant_splunk
Splunk Employee
Splunk Employee
‎12-01-2013 05:14 PM

If you want it in the context of your app, then you've put it in the correct spot.

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Configurationfiledirectories

One correction though, the path in your question should contain "apps", not "app":

$SPLUNK_HOME/etc/apps/<app_name>/local/commands.conf
Reply
Solved! Jump to solution

sbrant_splunk
Splunk Employee
Splunk Employee
‎12-01-2013 05:30 PM

It doesn't need to be a copy of the default. Only new items or those that you want to override in default should go into local.

0 Karma
Reply
Solved! Jump to solution

tristanmatthews
Path Finder
‎12-01-2013 05:21 PM

Your right it should be apps, and is in my install. The documentation:

http://docs.splunk.com/Documentation/Splunk/5.0.4/Search/AddthecustomcommandtoSplunk

which I copied the string from however lists the path incorrectly as "app".

Just to be painfully clear, my commands.conf should only have the single stanza for my command, it isn't a copy of the default with my command added?

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...