Basically the steps are:
1. Create your script
2. Install it into your app's bin directory
3. Edit the app's commands.conf file
4. Restart splunk
I did this, and this worked on an older instance of splunk we have, which is just a searchead and indexer all-in-one. However, on our new clustered instance I'm getting the error in the title from all of the peers when I try to invoke the command.
Is there another step here for clustered environments or something? I installed it on the search head and restarted splunk enterprise from the CLI there. It seems like the indexers aren't getting the file or something. This is a streaming command as well.
Edit: The command works fine when local = true in the commands.conf. However I do not want this. It must be some kind of replication or bundle issue then, right?
i’m not sure its a bug or just a behavioural change..i worked with another dev with custom command, and it just seems the “new way” is to deploy ur app to the sh AND the index peers. I chalked it up to bundle enhancements but will try and circle back on it