Solved: Re: PARSER: Applying Intentions failed 'unicode' o...

blurblebot · ‎08-24-2010

Though this has been discussed on Splunk Answers, the prevailing solution has not worked for me.

As per the discussions on Splunk Answers, I've switched the "intention" and "replacementMap" params in my xml, but as soon as I populate the search field, the error is thrown. If I leave it blank, it uses the default value from the xml, but that's as much luck as I can wrangle.

Below is the EFS section modified as per prevailing recommendations:

<module name="ExtendedFieldSearch"
layoutPanel="viewHeader">
     <param name="intention">
     <param name="name">stringreplace</param>
     <param name="arg">
    <param name="sourcetypeToken">
       <param name="default">*</param>
       <param name="fillOnEmpty">True</param>
     </param>
   </param>
 </param>   <param name="replacementMap">
   <param name="arg">
     <param name="sourcetypeToken"/>
   </param>
 </param>
 <param name="field">sourcetype</param>
 <param name="q">splunkd</param>

...

gkanapathy · ‎08-24-2010

You are right that the "accepted" answer here is wrong. However, the other upvoted answer by dmlee is correct.

Swapping the sections I would not expect to have any effect. However, your replacmentMap arg needs a value:

<module name="ExtendedFieldSearch" layoutPanel="viewHeader">
  <param name="intention">
    <param name="name">stringreplace</param>
    <param name="arg">
      <param name="sourcetypeToken">
        <param name="default">*</param>
        <param name="fillOnEmpty">True</param>
      </param>
    </param>
  </param>   
  <param name="replacementMap">
    <param name="arg">
      <param name="sourcetypeToken">
        <param name="value"></param>
      </param>
    </param>
  </param>
  <param name="field">sourcetype</param>
  <param name="q">splunkd</param>

View solution in original post

gkanapathy · ‎08-24-2010

You are right that the "accepted" answer here is wrong. However, the other upvoted answer by dmlee is correct.

Swapping the sections I would not expect to have any effect. However, your replacmentMap arg needs a value:

<module name="ExtendedFieldSearch" layoutPanel="viewHeader">
  <param name="intention">
    <param name="name">stringreplace</param>
    <param name="arg">
      <param name="sourcetypeToken">
        <param name="default">*</param>
        <param name="fillOnEmpty">True</param>
      </param>
    </param>
  </param>   
  <param name="replacementMap">
    <param name="arg">
      <param name="sourcetypeToken">
        <param name="value"></param>
      </param>
    </param>
  </param>
  <param name="field">sourcetype</param>
  <param name="q">splunkd</param>

r999 · ‎06-28-2012

what have you changed? only added

?

PARSER: Applying Intentions failed 'unicode' object has no attribute 'get'

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...