All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Problem with reserved _id KV field

tofa
Explorer
‎03-04-2021 06:02 AM

Hi team,

I am running the latest Hurricane Labs Shodan version 2.0.8, but I am getting this error when running the saved search:

03-04-2021 13:50:53.754 ERROR KVStoreLookup - KV Store output failed with err: The _id field is a reserved field and may not be present in a document or query. message: 
03-04-2021 13:50:53.755 ERROR SearchResultsFiles - An error occurred while saving to the KV Store. Look at search.log for more information.
03-04-2021 13:50:53.755 ERROR outputcsv - sid:1614865793.691 Could not write to collection 'shodan_output': An error occurred while saving to the KV Store. Look at search.log for more information..

It looks like that, somehow, an _id field is being generated from the search

tofa_0-1614866434039.png

I could rename it of course, but I do not know how it is going to impact the rest of the app without troubleshooting it so I was wondering, how can I fix it quickly and, eventually, get the app updated to prevent such error on the next iterations?

Thanks and regards!

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top