All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

TA Meraki: how do I fix the bug I found in my splunkd.log?

jcooperFossil
Path Finder
‎09-07-2018 12:24 PM

In the props.conf of the TA on line 65 is the following:

EVAL-lease_scope = if(len(lease_scope_subnet)=>1,src."/".lease_scope_subnet,null())

Looking through my splunkd.log, I see the below error. Sadly my regex-fu isn't that good; what is wrong, and how would I fix it?

WARN  CalcFieldProcessor - Invalid eval expression for 'EVAL-lease_scope' in stanza [meraki]: The expression is malformed. An unexpected character is reached at '>1,src."/".lease_scope_subnet,null())
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

worshamn
Contributor
‎09-08-2018 10:25 AM

It is just a syntax error in your greater than or equal to expression. Swap the > and = signs around.
You can recreate the problem in SPL by just doing this:

| makeresults 
| eval test = 2
| eval test2 = if(len(test) => 1, "yes", null())

See it error and then see it happy with:

| makeresults 
| eval test = 2
| eval test2 = if(len(test) >= 1, "yes", null())

View solution in original post

Reply
Solved! Jump to solution
Solution

worshamn
Contributor
‎09-08-2018 10:25 AM

It is just a syntax error in your greater than or equal to expression. Swap the > and = signs around.
You can recreate the problem in SPL by just doing this:

| makeresults 
| eval test = 2
| eval test2 = if(len(test) => 1, "yes", null())

See it error and then see it happy with:

| makeresults 
| eval test = 2
| eval test2 = if(len(test) >= 1, "yes", null())
Reply
Solved! Jump to solution

jcooperFossil
Path Finder
‎09-10-2018 07:36 AM

Thanks Worshamm!

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎09-07-2018 12:44 PM

hello there,

see what it tries to do,
create your on expression for lease_scope
create local folder in the TA and add new props.conf with the correction
make sure you ally the configuration the correct [stanza]

please share your solution with us so others can enjoy too!

0 Karma
Reply
Solved! Jump to solution

jcooperFossil
Path Finder
‎09-07-2018 12:51 PM

I have no idea what it is trying to do (which is why I posted this question). I'm just trying to clean up errors in the logs.
Thanks for replying though.

0 Karma
Reply
Solved! Jump to solution

myron_davis
Path Finder
‎09-24-2018 08:57 PM

I'll investigate. That was one I never caught... sorry.

The purpose was for the DHCP tag under the common information model "Sessions"

DHCP lease_scope string The consecutive range of possible IP addresses that the DHCP server can lease to clients on a subnet. A lease_scope typically defines a single physical subnet on your network to which DHCP services are offered.

I thought I tested it against several different pieces of data. But I missed that one :(.

After testing it I'll upload a new package.

0 Karma
Reply
Solved! Jump to solution

jmantor
Path Finder
‎08-20-2019 01:46 PM

A co-worker of mine just discovered that we're seeing the same error in version 1.0.6.
Just wondering if that is fixed in later versions?

0 Karma
Reply
Solved! Jump to solution

myron_davis
Path Finder
‎08-20-2019 02:31 PM

I pushed out a new release into the repo:
https://github.com/AlaskaSSO/TA-meraki/releases/tag/v1.1.2

If it looks good I'll push it up to the splunk app store.

0 Karma
Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...