Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why are alerts not working after upgrade to Splunk 6.5.0?

alewkowicz
Explorer
‎10-05-2016 02:24 AM

Hi,

All of our alerts are not working after the upgrade to Splunk 6.5.0
In the scheduler.log I have this error : 

ERROR SavedSplunker - vector::_M_range_check: __n (which is 0) >= this->size() (which is 0)

Anyone else have this issue ?

Thanks !

Reply
1 Solution
Solved! Jump to solution
Solution

alewkowicz
Explorer
‎10-25-2016 04:53 AM

We have found a solution : the issue was the \n character (maybe a change with the SPL in the v6.5 ) in some of our alerts.

Please find below the answer of splunk support on this :

"We have a few related sounding known issues like this (listed below).

Your one actually isn't documented externally yet though.
Internal reference (which you can us when talking to support/accounts team is SPL-129846). It is a regression bug, and is due to be fixed in 6.5.1.

http://docs.splunk.com/Documentation/Splunk/6.5.0/ReleaseNotes/KnownIssues

SPL-34347 = wmi input default fields - with value including newlines doesn't search properly becasue of \r\n issue

SPL-74209, SPL-74167 = Persistent queues are not created on Windows for stanzas that contain unusual characters (such as < and >).
Workaround: Specify the persistentQueue explicitly in the input definition.

SPL-78179 = REST /saved/searches App names with special characters have invalid links. "

View solution in original post

Reply
Solved! Jump to solution

kristianaasen
New Member
‎10-18-2016 11:15 PM

Yes. Triggered Alerts is empty.

0 Karma
Reply
Solved! Jump to solution

ltawfall
Path Finder
‎10-12-2016 11:22 AM

Ever find a solution to this? we're also seeing that error.

Reply
Solved! Jump to solution

burwell
SplunkTrust
SplunkTrust
‎10-12-2016 01:40 PM

I tried with 6.5.0 on Linux (64 bit) and alerts seem to work.

Maybe post the alert you are trying?

I tried a very simple saved search that I scheduled to run every minute:

 error | head 3000 | stats count by host

And put a small threshold and the alert was put in list of Triggered Alerts and I received an email.

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...