Hello Splunkers !!
In below screenshot, we are getting the results in one of our Splunk report. But here is the issue that, we are getting blank column results also( highlighted yellow ). So please let me understand this is the issue with any python version or any other workaround available for this issue ?
Thanks in advance
Since you post a screenshot of a file opened in Excel I assume that you're getting a csv file mailed to you as a result of a scheduled report.
If there are no values in those fields, it means that the search generating that report creates that field but doesn't have data to fill it with.
You need the search powering your report fixed or maybe your data itself is missing some fields. I have no idea - it's your data and your search - we have no knowledge of what's going on underneath.
@PickleRick Actually that is the bug fixer task. The issue happened after the upgrade of Splunk 8.0.3 ( not sure about version). Before the version upgrade it was worked fine.
OK. If it's related to the Splunk upgrade, the most obvious thing to check would be whether something (be it some search custom command or something in ingestion path) uses a no-longer-supported Python version. If that's the case, you have to update that component to use Python3.
But it may also be just a coincidence and - for example - your source might have changed format in which it is sending data/writing logs/whatever and it could be completely unrelated to the upgrade itself (happened to me once).
My Splunk version is on 8.1.1. And per the available workaround in known issues. It is referring to change the python version in command.conf file. Is this work, because as per the official Splunk notes. Splunk 8.x is compatible with python 3 & python 2. Please guide me on this.
https://docs.splunk.com/Documentation/Splunk/8.1.1/ReleaseNotes/KnownIssues
1. This issue says about blank rows. You're getting blank columns. That's not the same.
2. End of Support for 8.1 is Apr 19th 2023 so you don't have much time for update if you want to stay with supported version.
3. Instead of jumping to conclusions and googling something that vaguely resembles your problem, do some troubleshooting. Do you get blank fields in emailed results only or is the search run manually on SH also producing blank fields? What actually is in your search? Do you have all the data? Just because something says "blank" doesn't mean that it fits your case.
Please share what you have in Splunk (not a screenshot of an Excel spreadsheet).
@ITWhisperer I signed off for a day. Sure I will share the Splunk results tommorow.