All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

AppInspect v2.2.0 wrongly reports that there is no named capturing group in Extract in props.conf

imrago
Contributor
‎07-23-2020 10:22 AM

Hi,

while checking our app with AppInspect v2.2.0 an extract in props.conf was flagged with this error :

xxxxx

check_props_conf_extract_option_has_named_capturing_group
[EXTRACT-nfo_hostname] setting in props.conf specified a regex without any named capturing group. This is an incorrect usage. Please include at least one named capturing group. File: default/props.conf Line Number: 19

xxxxx

Line 19 is :

EXTRACT-nfo_hostname = ((\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})|(1\s\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.{1}\d{2}:\d{2}))\s+(?P<nfo_hostname>[^ ]+)\s+(nfc_id|NFO)

It has a named capturing group : (?P<nfo_hostname>[^ ]+)

What could be wrong? The error is not present when checking the built spl file with the CLI version of AppInspect v2.2.0

In my opinion it might be a bug in AppInspect. Attempted to  email appinspect@splunk.com, but it is bouncing back. Is there some other channel to reach the AppInspect team?

0 Karma
Reply

imrago
Contributor
‎07-23-2020 01:48 PM

I had found out that it is a bug which will be fixed in the future.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...