All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

[Bug Report - Reported To Devs] If You Are Having Some Issues With Missing Entities in SAI, This May Help

paimonsoror
Builder
‎10-30-2018 05:45 AM

Hi Folks; So Hopefully I have the blessing of the folks from the slack channel that I have been working with but I wanted to make sure to share this out with folks who may be having the same issue. Basically I was having problems with a bunch of my entities, especially AWS EC2 instances. After digging through the code, I found an issue with a few of the searches where we were missing wrapped quotes in some of the key value pairs. This was causing a few issues with some tag values that had spaces in them.

To Use
Replace:

{SPLUNK_HOME}/etc/apps/splunk_app_infrastructure/bin/em_search_manager.py

With the one included in the attached zip file.

I've already opened a case with Support and spoken to the folks on Slack, and i believe they are working on the fix but I wanted to make sure that anyone else who is experiencing this issue has a gap fill until a new release 🙂

em_search_manager.py update

For those interested in where the changes were:

under 'get_all_dims_from_dims_name'

       for d in dims_name:
            if d not in id_dims_name:
                values_part += 'values("%s") as "%s" ' % (d, d)
        spl = '| mcatalog %s WHERE metric_name=%s AND (`sai_metrics_indexes`) BY %s' % (
            values_part, predicate, id_predicate)

and 'get_dimension_names_by_id_dims'

        for iden in iden_fields:
            fields_part += 'values("%s") ' % iden
        fields_list = ', '.join(iden_fields)
        spl = '| mcatalog %s, values("_dims") as "dims" WHERE metric_name=%s AND (`sai_metrics_indexes`) BY %s \
            | table dims' % (fields_part, predicate, fields_list)
em-search-managerpy.zip
Reply

yannK
Splunk Employee
Splunk Employee
‎11-01-2018 10:16 AM

The internal bug reference is SII-3114. The fix should be part of a futur version.

0 Karma
Reply

paimonsoror
Builder
‎11-02-2018 11:42 AM

That's great! If you need someone to do some testing, feel free to reach out!

0 Karma
Reply

pwu_splunk
Splunk Employee
Splunk Employee
‎07-23-2019 10:28 AM

Just a very belated update: This was fixed as part of version 1.2.2. Thanks for the reporting and debugging!

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...