All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cacti Mirage Add-On for Cluster

aecruzp
Path Finder
‎01-05-2018 06:39 AM

regards

    We are currently trying to install this app in a cluster environment, but the following error is appearing.

[splunk-indexer-01-cnt] Streamed search execute failed because: Error in 'SearchParser': The search specifies a macro 'cacti_index' that can not be found. Reasons include: the macro name is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information.

   Tests have been made and installed this app in standalone only creating the index = cacti and we have no problems.

   Is there any recommendation in this regard? you only have to bundle the app in the master and deployer? must we change the file permissions? ...

   I'll be attentive to the comments

regards

0 Karma
Reply

mattymo
Splunk Employee
Splunk Employee
‎01-05-2018 10:20 AM

I would imagine that the macro doesn't exist on the indexers, or the permissions on the macro might be wrong?

Was the the app pushed to the indexer cluster?

When you are running your search, which app are you in?? Check if the macro permissions are global:

alt text

Its appears global in my instance.

the macro is technically not mandatory for your searches either, was just bet practice to allow the users to change it, so you could technically just not use it as well.

hit me up on slack if you are in the chat (splk.it/slack to sign up), I'm @mattymo

- MattyMo
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...