
[Bug Report - Reported To Devs] If You Are Having Some Issues With Missing Entities in SAI, This May Help

paimonsoror
Builder

Hi folks, hopefully I have the blessing of the folks from the Slack channel that I have been working with, but I wanted to make sure to share this out with folks who may be having the same issue. Basically, I was having problems with a bunch of my entities, especially AWS EC2 instances. After digging through the code, I found an issue with a few of the searches where we were missing wrapped quotes in some of the key-value pairs. This was causing a few issues with some tag values that had spaces in them.

To Use
Replace:

{SPLUNK_HOME}/etc/apps/splunk_app_infrastructure/bin/em_search_manager.py

With the one included in the attached zip file.

I've already opened a case with Support and spoken to the folks on Slack, and I believe they are working on the fix, but I wanted to make sure that anyone else who is experiencing this issue has a gap fill until a new release 🙂

em_search_manager.py update

For those interested in where the changes were:

under 'get_all_dims_from_dims_name'

        # each non-identifier dimension name is wrapped in double quotes
        for d in dims_name:
            if d not in id_dims_name:
                values_part += 'values("%s") as "%s" ' % (d, d)
        spl = '| mcatalog %s WHERE metric_name=%s AND (`sai_metrics_indexes`) BY %s' % (
            values_part, predicate, id_predicate)

and 'get_dimension_names_by_id_dims'

        # identifier field names are double-quoted as well
        for iden in iden_fields:
            fields_part += 'values("%s") ' % iden
        fields_list = ', '.join(iden_fields)
        spl = '| mcatalog %s, values("_dims") as "dims" WHERE metric_name=%s AND (`sai_metrics_indexes`) BY %s \
            | table dims' % (fields_part, predicate, fields_list)
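
The quoting issue described in the post above, as an added example that is not part of the original post or of the app's own code: it builds the `values(...) as ...` list with and without quotes and shows how a name containing a space falls apart when unquoted. The helper names, the sample dimension names and the rough tokenizer are assumptions made for illustration (the tokenizer is not Splunk's parser), and rejecting names that contain quotes, backslashes or control characters is a conservative choice of this example.

```python
import re

# Constructed sample input; "tag:Owner Name" stands in for a dimension whose name has a space.
SAMPLE_DIMS = ["InstanceId", "region", "tag:Owner Name"]
ID_DIMS = ["InstanceId"]

# Characters that could terminate or alter a double-quoted string in the query.
_UNSAFE = re.compile(r'["\\\x00-\x1f]')


def quote_field(name):
    """Wrap a dimension name in double quotes, refusing names that could break out of them."""
    if not name or _UNSAFE.search(name):
        raise ValueError("unsafe dimension name: %r" % (name,))
    return '"%s"' % name


def values_clause(dims, id_dims, quoted=True):
    """Build the values(...) as ... list for every non-identifier dimension."""
    parts = []
    for d in dims:
        if d in id_dims:
            continue
        field = quote_field(d) if quoted else d
        parts.append("values(%s) as %s" % (field, field))
    return " ".join(parts)


def tokens(clause):
    """Rough model of tokenizing: a double-quoted run is one token, else split on spaces/parens."""
    return re.findall(r'"[^"]*"|[^\s()]+', clause)


if __name__ == "__main__":
    for quoted in (False, True):
        clause = values_clause(SAMPLE_DIMS, ID_DIMS, quoted=quoted)
        print("quoted=%s" % quoted)
        print("  " + clause)
        print("  " + repr(tokens(clause)))
```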

yannK
Splunk Employee

The internal bug reference is SII-3114. The fix should be part of a future version.

0 Karma

paimonsoror
Builder

That's great! If you need someone to do some testing, feel free to reach out!

0 Karma

pwu_splunk
Splunk Employee

Just a very belated update: This was fixed as part of version 1.2.2. Thanks for the reporting and debugging!

0 Karma