All Apps and Add-ons

Why am I receiving the following Collections.conf and Drilldown_settings warning messages after installing the Alert Manager App?

MSKinder
Engager

Hello,

After installing the new Alert Manager app, I received the following message in Splunkd.log

"MongoModificationsTracker - Could not load configuration for collection 'drilldown_settings' in application 'alert_manager'. Collection will be ignored."

This is because there isn't a stanza value in the collections.conf titled drilldown_settings, as well as no key value pairs. I've disabled the collections within lookups so the error no longer fires.

Is this something that was missed by the App author?

Is drilldown_settings remnants from the older version of alert_manger?

If you repaired this within collections.conf could you be specific about where you find the information? (ie which Python script and where at in the Python script),Hello,

Tags (1)

napomokoetle
Communicator

When creating the collection definition in /opt/splunk/etc/apps/alert_manager/default/transforms.conf for the alert_manager splunk app, the author/s were not uniform in listing the fields for the 'drilldown_settings' collection, and that creates the error you're witnessing in your splunkd.log file.

To fix the issue, just put a space between the comman (,) and field name "label" in the fields_list parameter

ORIGINAL DEFINITION LOOKS AS FOLLOWS:

[drilldown_settings]
external_type = kvstore
collection = drilldown_settings
fields_list = _key, type*,label*, search, field, disabled, comment

AFTER EDITING THE DEFINITION, IT SHOULD LOOK AS FOLLOWS

[drilldown_settings]
external_type = kvstore
collection = drilldown_settings
fields_list = _key, type, label, search, field, disabled, comment

I hope that helps.

pisit_t
Engager

i found another solution that you change configuration in $SPLUNK_HOME/etc/apps/alert_manager/default/collections.conf , then add text below in bottom of the files

[drilldown_settings]
enforceTypes = true
field.type = string
field.field = string
field.disabled = bool
field.label = string
field.search = string

field.comment = string

save its and restart splunk service, after that the WARNING is nothing 😄

reference change from github:
https://github.com/alertmanager/alert_manager/commit/d6b0836579805428217dac2c5b0a5a0e32b4c87f#diff-2...

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...