All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Problem with reserved _id KV field

tofa
Explorer
‎03-04-2021 06:02 AM

Hi team,

I am running the latest Hurricane Labs Shodan version 2.0.8, but I am getting this error when running the saved search:

03-04-2021 13:50:53.754 ERROR KVStoreLookup - KV Store output failed with err: The _id field is a reserved field and may not be present in a document or query. message: 
03-04-2021 13:50:53.755 ERROR SearchResultsFiles - An error occurred while saving to the KV Store. Look at search.log for more information.
03-04-2021 13:50:53.755 ERROR outputcsv - sid:1614865793.691 Could not write to collection 'shodan_output': An error occurred while saving to the KV Store. Look at search.log for more information..

It looks like that, somehow, an _id field is being generated from the search

tofa_0-1614866434039.png

I could rename it of course, but I do not know how it is going to impact the rest of the app without troubleshooting it so I was wondering, how can I fix it quickly and, eventually, get the app updated to prevent such error on the next iterations?

Thanks and regards!

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Brute Force Account Takeover Fraud with Splunk

This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...

Buttercup Games: Further Dashboarding Techniques (Part 9)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games: Further Dashboarding Techniques (Part 8)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top