Solved: Why am I getting "Error in 'disabler' command: The...

annalisefolsen · ‎06-14-2016

I have an app for a custom command called disabler and I am trying to call the command by:

... | disabler | ...

But I keep getting the error message:

Error in 'disabler' command: The external search command 'disabler' does not exist in commands.conf.

I have placed the commands.conf file in both the default and local folders and have restarted Splunk, but the results are always the same. This is my commands.conf file:

[disabler]
filename = splunkProgram.py
generating = true
local = true
maxinput = 0

annalisefolsen · ‎06-21-2016

Okay, I have fixed this. This has the best explanations for setting up an app. I was told in other posts that logging.conf was optional, but apparently it is not. This should help anyone looking to answer this http://blogs.splunk.com/2014/04/14/building-custom-search-commands-in-python-part-i-a-simple-generat...

View solution in original post

annalisefolsen · ‎06-21-2016

Okay, I have fixed this. This has the best explanations for setting up an app. I was told in other posts that logging.conf was optional, but apparently it is not. This should help anyone looking to answer this http://blogs.splunk.com/2014/04/14/building-custom-search-commands-in-python-part-i-a-simple-generat...

Why am I getting "Error in 'disabler' command: The external search command 'disabler' does not exist in commands.conf"?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?