Solved: PARSER: Applying Intentions failed 'unicode' objec...

blurblebot · ‎08-24-2010

Though this has been discussed on Splunk Answers, the prevailing solution has not worked for me.

As per the discussions on Splunk Answers, I've switched the "intention" and "replacementMap" params in my xml, but as soon as I populate the search field, the error is thrown. If I leave it blank, it uses the default value from the xml, but that's as much luck as I can wrangle.

Below is the EFS section modified as per prevailing recommendations:

<module name="ExtendedFieldSearch"
layoutPanel="viewHeader">
     <param name="intention">
     <param name="name">stringreplace</param>
     <param name="arg">
    <param name="sourcetypeToken">
       <param name="default">*</param>
       <param name="fillOnEmpty">True</param>
     </param>
   </param>
 </param>   <param name="replacementMap">
   <param name="arg">
     <param name="sourcetypeToken"/>
   </param>
 </param>
 <param name="field">sourcetype</param>
 <param name="q">splunkd</param>

...

gkanapathy · ‎08-24-2010

You are right that the "accepted" answer here is wrong. However, the other upvoted answer by dmlee is correct.

Swapping the sections I would not expect to have any effect. However, your replacmentMap arg needs a value:

<module name="ExtendedFieldSearch" layoutPanel="viewHeader">
  <param name="intention">
    <param name="name">stringreplace</param>
    <param name="arg">
      <param name="sourcetypeToken">
        <param name="default">*</param>
        <param name="fillOnEmpty">True</param>
      </param>
    </param>
  </param>   
  <param name="replacementMap">
    <param name="arg">
      <param name="sourcetypeToken">
        <param name="value"></param>
      </param>
    </param>
  </param>
  <param name="field">sourcetype</param>
  <param name="q">splunkd</param>

View solution in original post

gkanapathy · ‎08-24-2010

You are right that the "accepted" answer here is wrong. However, the other upvoted answer by dmlee is correct.

Swapping the sections I would not expect to have any effect. However, your replacmentMap arg needs a value:

<module name="ExtendedFieldSearch" layoutPanel="viewHeader">
  <param name="intention">
    <param name="name">stringreplace</param>
    <param name="arg">
      <param name="sourcetypeToken">
        <param name="default">*</param>
        <param name="fillOnEmpty">True</param>
      </param>
    </param>
  </param>   
  <param name="replacementMap">
    <param name="arg">
      <param name="sourcetypeToken">
        <param name="value"></param>
      </param>
    </param>
  </param>
  <param name="field">sourcetype</param>
  <param name="q">splunkd</param>

r999 · ‎06-28-2012

what have you changed? only added

?

PARSER: Applying Intentions failed 'unicode' object has no attribute 'get'

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

Are you a member of the Splunk Community?

PARSER: Applying Intentions failed 'unicode' object has no attribute 'get'

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!