Splunk Enterprise Security

After upgrade to 7.2.5 due to FIELDALIAS in app props.conf, why is my search head crashing?

hexerino
Explorer

We encountered some issues when upgrading our clustered indexes infrastructure from 7.2.4 to 7.2.5. The upgrade process for all machines worked as expected, however, when trying to access our search head, it seemed not to be able to communicate with the rest of our infrastructure.

After debugging the log files we found out that some of our defined FIELDALIASes in the props.conf on one of our custom apps were causing the search head to fatally crash. The following lines within the crash log seemed to be at the base of the problem.

    03-28-2019 16:24:20.505 WARN  FieldAliaser - Invalid field alias specification in stanza 'XXX': FIELDALIAS-file_hash='TargetHash' (type='targethash')
    03-28-2019 16:24:20.548 WARN  CalcFieldProcessor - Invalid eval expression for 'EVAL-user' in stanza [XXX]: The expression is malformed. Expected ).

Even though the log does not indicate it to be an error, these were the last couple of lines prior to the application crashing. After uncommenting these field aliases in the application, all functionality went back to normal. Prior to the upgrade, however, these aliases did not have any impact on the search head's functionality.

I am wondering whether something changed with the current upgrade that could cause this issue. After looking into the patch notes, I could not determine any significant changes that would. We rely on those custom apps for our day-to-day operations and having those fields is essential for us.

0 Karma

harsmarvania57
Ultra Champion

Hi,

There is a bug in Splunk Enterprise 7.2.5, and Splunk released patch release 7.2.5.1 yesterday, so please upgrade to 7.2.5.1.

Splunk Enterprise 7.2.5.1 was released on March 28, 2019. Version 7.2.5 introduced a defect (SPL-167959) that causes crashes in deployments that have invalid FIELDALIAS definitions in props.conf. Version 7.2.5.1 prevents these crashes from occurring. 

0 Karma
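
A pre-upgrade check for the condition the release note above describes, as an added example that is not part of the original thread and is not Splunk's own validation: it flags FIELDALIAS settings in a props.conf that are not made of "<field> AS <alias>" groups. The function names, the sample stanzas (only the FIELDALIAS-file_hash value mirrors the warning in the question) and the case-insensitive match on AS are assumptions; multi-line values and any other forms a given Splunk version accepts are not handled.

```python
import re
import sys

# Constructed sample; only the FIELDALIAS-file_hash value mirrors the warning in the post.
SAMPLE_PROPS = '''\
[XXX]
FIELDALIAS-src = src_ip AS src "Source Port" AS src_port
FIELDALIAS-file_hash = TargetHash
FIELDALIAS-user = UserName AS user AccountName AS
EVAL-note = "not a field alias, ignored"
# FIELDALIAS-old = commented out, ignored
[other]
FIELDALIAS-dest = dest_ip dest
'''

TOKEN = re.compile(r'"[^"]*"|\S+')  # a double-quoted name or a bare word
SETTING = re.compile(r'^\s*(FIELDALIAS-[^\s=]+)\s*=\s*(.*)$')

def is_keyword(tok):
    return tok.upper() == "AS"  # assumption: keyword compared case-insensitively

def alias_error(value):
    """Return None when value is one or more '<field> AS <alias>' groups, else a reason."""
    tokens = TOKEN.findall(value)
    if not tokens:
        return "empty definition"
    if len(tokens) % 3:
        return "not a whole number of '<field> AS <alias>' groups"
    for src, kw, dst in zip(tokens[0::3], tokens[1::3], tokens[2::3]):
        if not is_keyword(kw) or is_keyword(src) or is_keyword(dst):
            return "malformed group: %s %s %s" % (src, kw, dst)
    return None

def find_invalid_aliases(text):
    """Return (stanza, setting, reason) for every FIELDALIAS line that fails the check."""
    stanza, findings = "default", []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # commented-out settings are not loaded
        if stripped.startswith("[") and stripped.endswith("]"):
            stanza = stripped[1:-1]
            continue
        m = SETTING.match(line)
        if m and (reason := alias_error(m.group(2))):
            findings.append((stanza, m.group(1), reason))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PROPS
    for stanza, setting, reason in find_invalid_aliases(text):
        print("[%s] %s: %s" % (stanza, setting, reason))
```

Run it with the path to an app's props.conf as the only argument; with no argument it checks the constructed sample.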

hexerino
Explorer

We upgraded our infrastructure without any problems this time around. Thank you for your answer.

0 Karma