Create and apply a custom command function for the Edge Processor solution
Create custom command functions in Search Processing Language Version 2 (SPL2) and apply them to new or existing pipelines. Custom command functions are user-defined to reuse common data transformations between multiple pipelines. For example, if you process the same sourcetype in multiple pipelines, use a custom command function to extract fields instead of copying and pasting code between pipelines.
Steps to create and publish a custom command function
To create and publish a custom command function, see the following steps:
-
In Splunk Enterprise, select the Search & Reporting app.
-
Navigate to the Modules page, and then select Create module.
-
Write your custom command function in SPL2. Both the source and the return type have to be dataset. For more information on SPL2, see Quick Reference for SPL2 commands in the SPL2 Search Reference.
See the following custom command function example in SPL2:JAVASCRIPT/** * This is a custom command function that takes one argument * @param $source * @param $arg - description of arg */ function command_function_with_argument($source:dataset, $arg:string):dataset { return | from $source | eval tag = "Has run command_function_with_argument with ${$arg}"; } export command_function_with_argument -
Export your module by adding the line
export <name of your function>. As a shortcut, select the three dots (⋮) next to the custom command function's name in the outline, and then select Export. This will add the line for you. See Exporting module items using SPL2 in the SPL2 Search Manual for more information. -
Select Save module, and do the following:
-
Give your module a name.
-
Change the Namespace from Private to App.
-
Select Save module and configure permissions.
-
In the Configure permissions dialog box, make sure that the apps role has at least Execute permission for this module. Additionally, make sure that a role assigned to the users that you want to share this custom command function with also has at least Execute permission.
-
Select Save.
-
Apply a custom command function to a pipeline
You can discover custom command functions and apply them to your pipelines once a custom command function has been published by you or a colleague. You both need to be members of the same shared workspace.
Apply a custom command function to an existing pipeline
You can discover custom command functions and apply them to your pipelines once a custom command function has been published by you or a colleague. You both need to be members of the same shared workspace.
To apply a custom command function to an existing pipeline, see the following steps.
-
Navigate to the Pipelines page.
-
Select the Actions icon (
) in the row that lists your pipeline, and then select Edit. This will take you to the pipeline editor for that pipeline.
-
Select the plus icon (
) in the Actions area of the pipeline builder and select Apply custom command function.
-
Search for the name of your custom command function, and view its documentation. Specify parameters values for the selected custom command function as necessary.
-
Select Apply.
Apply a custom command function to a new pipeline
You can use a custom command function in a new pipeline before it has been saved. See the following steps:
-
Navigate to the Pipelines page, then select New pipeline and then Edge Processor pipeline.
-
Follow the on-screen instructions until you get to the SPL2 editor. For more information, see the steps in Create pipelines for Edge Processors. manual.
-
Select the plus icon (
) in the Actions area of the pipeline builder and select Apply custom command function.
-
Search for the name of your custom command function, and view its documentation. Specify parameters values for the selected custom command function as necessary.
-
Select Apply.