Why are the below fields for this source literally 'Multiple_Values'? I tracked it down, and it seems only clusters with the OS NetApp Release 8.3.1P1 show this behavior.
Is this a bug, or has it a reason?
The fields having those values:
hostname
node_name
node_uuid
serial_no
The new version of the Splunk ONTAP apps (2.1.4) did not solve the issue.
Also observed on v8.3.2P6
Rewrote ./bin/ta_ontap/OntapPerf.py to query system:node instead of system (as held in the objectType parameter), when ontap v8.3+ is detected. Amended OntapClinet.py as well (to manage querying the ontap version). Not a 100% fix, as it appears some of the resulting attributes are different - not a perfect 1:1 match for data structure - but good enough for us.
Small print in the hardware and software requirements for the Splunk app do actually note that only up to 8.2 is supported...
Splunk App developers have been contacted with details of my workaround.
Investigation has shown that 8.3 returns different information to 8.2 - case opened with Splunk and NetApp to resolve.
Basic issue - for a cluster, when asked for system objects. 8.2 returned an object per node. 8.3 returns a one cluster object.
We also opened a case with NetApp. This party told us that the multiple_values is 'by design'. Any update from your part?