Splunk Enterprise

How d I fix: scheduler.log _internal index "reason" field bug?

splunkadmin
Explorer

In Splunk Enterprise 9.0.0.1, I scheduled a saved search with an invalid macro name in it. When run, I receive the following error message as I should:

Error in 'SearchParser': The search specifies a macro 'my_macro' that cannot be found. Reasons include: the macro name is misspelled, you do not have "read" permission for the macro, or the macro has not been shared with this application. Click Settings, Advanced search, Search Macros to view macro information.

The search was skipped, the error was logged to scheduler.log, and the log ingested into _internal all as expected. However, the reason field gets cut off because of the quotation marks in the error message. It thinks the field value ends at "have" when it should end at "information."

splunkadmin_0-1661454258585.png

I believe this is a minor defect. Is there any way to submit a bug report? I tried creating a case but received a message saying I don't have  a Support Contract or entitlement to do so. Can anyone point me in the right direction?

Thanks!

 

Edit: Created Splunk Ideas post: https://ideas.splunk.com/ideas/EID-I-1586

Labels (3)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

You may be right about that.  Go to https://ideas.splunk.com to report it.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

You may be right about that.  Go to https://ideas.splunk.com to report it.

---
If this reply helps you, Karma would be appreciated.

splunkadmin
Explorer

I'll post there, but is there really no better way for Splunk to accept user-found bugs than this? It feels like a bug report would get lost in a sea of feature requests there

0 Karma

richgalloway
SplunkTrust
SplunkTrust

"This is the way."  We used to submit P4 support tickets, but now Splunk says to go to Ideas.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...