Macro Manifest Schema

https://api.splunkresearch.com/schemas/macros.json

An object that defines the parameters for a Splunk Macro

Abstract Extensible Status Identifiable Custom Properties Additional Properties Access Restrictions Defined In
Can be instantiated No Unknown status No Forbidden Allowed none macros.spec.json

Macro Manifest Type

object (Macro Manifest)

Macro Manifest Properties

Property Type Required Nullable Defined by
arguments array Optional cannot be null Macro Manifest
definition string Optional cannot be null Macro Manifest
description string Required cannot be null Macro Manifest
name string Required cannot be null Macro Manifest

arguments

A list of the arguments being passed to this macro

arguments

arguments Type

string[]

arguments Constraints

minimum number of items: the minimum number of items for this array is: 0

unique items: all items in this array must be unique. Duplicates are not allowed.

definition

The macro definition

definition

definition Type

string

definition Examples

(query=fls-na* AND query = www* AND query=images*)

description

What the macro is intended to filter

description

description Type

string

description Examples

Use this macro to filter out known good objects

name

The name of the macro

name

name Type

string

name Examples

detection_search_output_filter