We maintain the knowledge objects (KOs) on a GitHub repo. When attempting to sync the KOs to a new Splunk instance, the build job (using Jenkins) fails with the below stack trace
Use `bundle info [gemname]` to see where a bundled gem is installed.
/var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-sdk-ruby-1.0.5/lib/splunk-sdk-ruby/context.rb:460:in `request_by_url': HTTP 400 Bad Request: Error in 'SearchParser': The search specifies a macro 'our_custom_macro' that cannot be found. Reasons include: the macro name is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information. (Splunk::SplunkHTTPError)
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-sdk-ruby-1.0.5/lib/splunk-sdk-ruby/context.rb:355:in `request'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-sdk-ruby-1.0.5/lib/splunk-sdk-ruby/collection.rb:355:in `create'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-pickaxe-2.8.0/lib/splunk/pickaxe/objects.rb:73:in `create'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-pickaxe-2.8.0/lib/splunk/pickaxe/objects.rb:50:in `block in sync'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-pickaxe-2.8.0/lib/splunk/pickaxe/objects.rb:29:in `each'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-pickaxe-2.8.0/lib/splunk/pickaxe/objects.rb:29:in `sync'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-pickaxe-2.8.0/lib/splunk/pickaxe/client.rb:30:in `sync_all'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-pickaxe-2.8.0/lib/splunk/pickaxe/cli.rb:56:in `sync'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/thor-0.20.3/lib/thor/command.rb:27:in `run'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/thor-0.20.3/lib/thor/invocation.rb:126:in `invoke_command'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/thor-0.20.3/lib/thor.rb:387:in `dispatch'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/thor-0.20.3/lib/thor/base.rb:466:in `start'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/gems/splunk-pickaxe-2.8.0/bin/pickaxe:6:in `<top (required)>'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/bin/pickaxe:23:in `load'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/bin/pickaxe:23:in `<main>'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/bin/ruby_executable_hooks:15:in `eval'
from /var/lib/spork/.rvm/gems/ruby-2.3.1@ibus-cloud/bin/ruby_executable_hooks:15:in `<main>'
The issue is caused by the fact that the library tries to sync the alerts first which are dependent on macros.
Proposed Solution
Sync the macros first followed by everything else.
PR: #31
Problem Description
We maintain the knowledge objects (KOs) on a GitHub repo. When attempting to sync the KOs to a new Splunk instance, the build job (using Jenkins) fails with the below stack trace
The issue is caused by the fact that the library tries to sync the alerts first which are dependent on macros.
Proposed Solution
Sync the macros first followed by everything else. PR: #31