Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a way to find out the location of a given macro in a search head clustering environment?

Thuan
Explorer
‎01-07-2016 03:07 PM

I am new to a search head clustering environment. I found macros being used and I am trying to find out where these macros were created. I read the link http://docs.splunk.com/Documentation/ES/3.3.0/Install/Macros which has a lot of useful information on ES defined macros. Is there a way to quickly find out the location of a given macro, e.g., 

| `host_eventcount(30,72)`

using grep at the CLI, or search? This helps me to understand what canned searches do.

Thank you.

0 Karma
Reply

Thuan
Explorer
‎01-08-2016 09:12 AM

I will try the btool option as this is the answer I am looking for. It provides a unique way to look for macros. The other GUI option is too clumsy as you need to know what apps the macro was created for.

Thank you.

0 Karma
Reply

aljohnson_splun
Splunk Employee
Splunk Employee
‎01-07-2016 04:42 PM

One way to look up information about a given macro, is to use btool:

./splunk btool macros list host_eventcount --debug

Have you tried just looking for it in Settings > Advanced Search > Macros and looking across all owners / apps ?

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...