How to make a custom command shared between all Apps?

splunker1981
Path Finder

Hi fellow Splunkers,

I'm wondering if someone can tell me how to share a custom command stored within a custom App globally? We have a custom script that takes input, processes it and returns data. I've tried a few things in order to make the command shared globally since we need to run this command within various apps. I get the following error regardless of what we add to the commands or meta files: "Search Factory: Unknown search command scriptNameHere" (restarted the service after every change). The App permissions are set to global which I thought would make the command work within any other app, but that doesn't seem to be the case.

Here is what I tried adding to my default.meta. Within my commands.conf file I have 4 custom scripts, I'd like to either make them all global or define the specific command we need to work in all other apps.

[commands]
access = read : [ * ], write : [ admin ]
export = system

Any help would be greatly appreciated.

0 Karma

Maurice_Moss
Engager

This may be an answer 6 years later (almost to the date), but thought I'd post for future visitors. I was searching this today and found some info in Splunk dev docs:

Splunk Dev - Manage access to a custom search command in Splunk Cloud Platform or Splunk Enterprise 

Not sure if .meta allows all commands to be controlled via the stanza like in the original question, but each command can be added using the following:

[commands/command_name]
access = read : [ * ], write : [ admin ]
export = system

Seems like it requires a stanza per command and doesn't allow mass command sharing. The comment from MuS seems to be the other option for mass sharing, but exports all objects in the app.

0 Karma

MuS
Legend

Hi splunker1981,

If I create a custom command in a TA, I add this to the metadata/default.meta

[]
access = read : [ * ], write : [ admin ]
export = system

and it has worked every time so far.

Hope this helps ...

cheers, MuS
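
Added example (not part of the original posts, and not Splunk's own code): a small Python audit that reads an app's commands.conf and metadata/default.meta and reports, for each custom command, whether it is exported and which stanza decides that, covering both the per-command stanza and the app-wide [] stanza from the two answers above. The command names and file contents are constructed, and the lookup order (per-command stanza, then [commands], then []) is an assumption.

```python
# Added example: which custom commands does an app export globally?
# Assumption: the most specific stanza that sets "export" decides.

SAMPLE_COMMANDS_CONF = """\
[enrichip]
filename = enrichip.py

[scoreuser]
filename = scoreuser.py
"""  # constructed; command names are hypothetical

SAMPLE_META = """\
[commands/enrichip]
access = read : [ * ], write : [ admin ]
export = system
"""  # constructed, using the per-command stanza from the thread


def parse_conf(text):
    """Parse .conf/.meta text into {stanza: {key: value}}; handles []."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas


def command_exports(commands_conf, default_meta):
    """Return {command: (export value or None, deciding stanza or None)}."""
    meta = parse_conf(default_meta)
    report = {}
    for name in parse_conf(commands_conf):
        report[name] = (None, None)
        for stanza in (f"commands/{name}", "commands", ""):
            if "export" in meta.get(stanza, {}):
                report[name] = (meta[stanza]["export"], stanza)
                break
    return report


if __name__ == "__main__":
    for cmd, (export, stanza) in command_exports(SAMPLE_COMMANDS_CONF, SAMPLE_META).items():
        print(f"{cmd}: export={export} via [{stanza}]" if export else f"{cmd}: not exported")
```

A command reported as exported via the empty stanza name means the app's [] stanza is doing the sharing, which applies to every object in the app rather than to that command alone.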
