Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to make a custom command shared between all Apps?

splunker1981
Path Finder
‎03-20-2017 09:47 AM

Hi fellow Splunkers,

I'm wondering is someone can tell me how to share a custom command stored within a custom App globally? We have a custom script that takes input, processes it and returns data. I've tried a few things in order to make the command shared globally since we need to run this command within various apps. I get the following error regardless of what we add to the commands or meta files: "Search Factory: Unknown search command scriptNameHere" (restarted the service after every change). The App permissions are set to global which I thought would make the command work within any other app, but that doesn't seem to be the case.

Here is what I tried adding to my default.meta. Within my commands.conf file I have 4 custom scripts, I'd like to either make them all global or define the specific command we need to work in all other apps.

[commands]
access = read : [ * ], write : [ admin ]
export = system

Any help would be greatly appreciated.

0 Karma
Reply

Maurice_Moss
Engager
‎03-21-2023 06:44 AM

This may be an answer 6 years later (almost to the date), but thought I'd post for future visitors. I was searching this today and found some info in Splunk dev docs:

Splunk Dev - Manage access to a custom search command in Splunk Cloud Platform or Splunk Enterprise 

Not sure if .meta allows all commands to be controlled via the stanza like in the original question, but each command can be added using the following:

[commands/command_name]
access = read : [ * ], write : [ admin ]
export = system

Seems like it requires a stanza per command and doesn't allow mass command sharing.  The comment from MuS seems to be the other option for mass sharing, but exports all objects in the app.

0 Karma
Reply

MuS
Legend
‎03-21-2017 05:18 PM

Hi splunker1981,

If I create a custom command in a TA, I add this to the metadata/default.meta

[]
access = read : [ * ], write : [ admin ]
export = system

and it worked all the times so far.

Hope this helps ...

cheers, MuS

Reply
Get Updates on the Splunk Community!

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...