...sed in eventtype.conf (inside TA) and a summaries macro in savedsearch.conf (inside App).
Currently, the macros.conf is in TA and hence the App Inspect shows failure for App as it could not find t...
hi everyone,
Could you guys please help me with the below queries?
how to delete macro from the cli ? ( if the macro permission is private )
how to delete macro from the cli ? ( if the ma...
...acro in the app. From the app's macros.conf :
[myapp_exclude_my_trans]
definition = NOT [|inputlookup my_trans.csv]
From the description of this check in the AppInspect docs:
Check that a...
Hi,
I am doing statistical analysis on a number of indexes for time series forecasting.
On reading the following article, its gives a sample SPL query as follows: | gentimes start=”01/01/2018" i...
Does anyone know how to query macros using the Javascript SDK? I would like to essentially have the app list and/or query the macros.conf files so that I can dynamically pull in macro names and d...
...7:33.489 INFO ShutdownHandler - Shutting down splunkd
It seems that on indexer level, the macro is not being expanded if it called by an eventtype.
eventtypes.conf and macros.conf are d...
...ood example were: lookup files, but i guess indexer should not need any lookup files since that job is done be search head, not indexer. The same with other KO objects like tags, event types, macros etc....
...acro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information.
[indexer02] Streamed search execute failed because: Error in 'S...
...ead knowledge bundle. But, I have added distsearch.conf in TA where eventtype resides and I can see macros.conf in knowledge bundle getting replicated to search peers. still I am not able to get r...