Re: Using c# SavedSearchTemplateArgs hangs report ...

a8hill · ‎06-28-2016

The report below runs fine if the value for “Account Name” is hard coded like Account Name=a8hill. If I try to pass the $samaccountname$ parameter as in the code below, Splunk hangs on Line 263 in SearchResultsStreams.cs when enumerating the result. Please advise.

string query = "sourcetype=ADAuditLog:* Account_Name=$samaccountname$ earliest=-day | head 500";

SavedSearchDispatchArgs dispatch = new SavedSearchDispatchArgs(); (OR dispatch = null)

SavedSearchTemplateArgs template = new SavedSearchTemplateArgs();
Argument arg = new Argument("samaccountname", "a8hill");
template.Add(arg);

await service.LogOnAsync(SplunkGlobal.Config.UserName, SplunkGlobal.Config.Password);

SavedSearch savedSearch = await service.SavedSearches.GetOrNullAsync(searchName);

if (savedSearch != null)
{
Job job = await savedSearch.DispatchAsync(dispatch, template);

stream = await job.GetSearchResultsAsync();

foreach (SearchResult result in stream) //HANGS HERE WITH ERROR BELOW
{
    Debug.WriteLine(result);
}
}

Line 263 SearchResultsStreams.cs
Debug.Assert(reader.NodeType == XmlNodeType.EndElement && reader.Name == "results", "Expected: ");

Anthony Hill
ACT AD/Messaging Team

tmackay2015 · ‎11-23-2016

Stu, Anthony,
I think this is fixed in release 2.2.5 its availible on github.
-Tom

Stuarth09 · ‎07-05-2016

I've got the same problem, but it seems to occur only when I run a search that returns no results.

Using c# SavedSearchTemplateArgs hangs report when enumerating stream

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

Join the Conversation