Why am I getting an "unknown search command error"...

Splunk Search

I have created a custom generating command on the search head. I also want to execute this command on the search head. I don't want this command to be sent to the indexers. This is why I have set distributed = False and local = True in the commands.conf as below.

[generatepaths]
distributed = False
chunked = true
local = True
enableheader = true
outputheader = true
requires_srinfo = true
supports_getinfo = true
supports_multivalues = true
supports_rawargs = true
filename = system_python.path
command.arg.1 = sankey.py

Sometimes, you have to set the same parameters in multiple places. So I have also configured the following in my python script to force the command to be executed locally:

@Configuration(local=True)

Still no luck. I get a "Search Factory: Unknown search command 'generatepaths'" error from every indexer. What should I do to execute custom command locally on the Search Head. Is there some other hidden undocumented setting i have to look for or this is simpy a bug?

Get Updates on the Splunk Community!

Why am I getting an "unknown search command error" when trying to execute a custom command on the Search Head?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation