Splunk Search

where is the custom command documentation?

MonkeyK
Builder

Lots of custom commands come with Splunk. 31 in the search app alone.

I often see all of those commands and wonder if there is anything that I could be using. Since I am not an admin on the system, I can't just look at the code to find out.

Is there a place that documents what these commands do and what sort of arguments they expect?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

All of the commands shipped with the Search & Reporting app are documented in the Search Reference Manual (https://docs.splunk.com/Documentation/Splunk/8.0.1/SearchReference/WhatsInThisManual).

Where are you getting the count of custom commands?

---
If this reply helps you, Karma would be appreciated.

MonkeyK
Builder

"Settings|Advanced Search"
"Search Commands"
lists the number of commands that are showing.

some of these are clearly common search commands (head, diff). Others I see no documentation on how to use.
For example:
https://docs.splunk.com/Special:SplunkSearch/docs?q=arulespy
https://docs.splunk.com/Special:SplunkSearch/docs?q=createrss
https://docs.splunk.com/Special:SplunkSearch/docs?q=mocknodegraph

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I don't recognize any of those commands. I suspect they either came with an app or were produced locally. In the case of the former, consult the app docs or the developer; for the latter case, check with the owner.

---
If this reply helps you, Karma would be appreciated.
0 Karma

MonkeyK
Builder

Well. In the custom commands listing that I described how to find, these commands are listed as part of the search app with an owner of "no owner"

I consulted the app documentation as shown by the links above.

I guess that's why I asked the question that I did.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

That a command is found in the Search app does not necessarily mean it came with that app. It's easy to add commands and other knowledge objects to the standard apps.

Have you tried looking in the command's script file to see if there are comments or if you can see what the code does?

---
If this reply helps you, Karma would be appreciated.
0 Karma

MonkeyK
Builder

Where in the UI do I find the command's script file? Where do I see the command ownership info?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...