Solved: Why are alerts not working after upgrade to Splunk... - Page 3

alewkowicz · ‎10-05-2016

Hi,

All of our alerts are not working after the upgrade to Splunk 6.5.0
In the scheduler.log I have this error :

ERROR SavedSplunker - vector::_M_range_check: __n (which is 0) >= this->size() (which is 0)

Anyone else have this issue ?

Thanks !

alewkowicz · ‎10-25-2016

We have found a solution : the issue was the \n character (maybe a change with the SPL in the v6.5 ) in some of our alerts.

Please find below the answer of splunk support on this :

"We have a few related sounding known issues like this (listed below).

Your one actually isn't documented externally yet though.
Internal reference (which you can us when talking to support/accounts team is SPL-129846). It is a regression bug, and is due to be fixed in 6.5.1.

http://docs.splunk.com/Documentation/Splunk/6.5.0/ReleaseNotes/KnownIssues

SPL-34347 = wmi input default fields - with value including newlines doesn't search properly becasue of \r\n issue

SPL-74209, SPL-74167 = Persistent queues are not created on Windows for stanzas that contain unusual characters (such as < and >).
Workaround: Specify the persistentQueue explicitly in the input definition.

SPL-78179 = REST /saved/searches App names with special characters have invalid links. "

View solution in original post

Why are alerts not working after upgrade to Splunk 6.5.0?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms