Splunk Enterprise

Parsing warning in spec files (python.version) (ConfReplicationThread)

ak_sky
Engager

Hi,

I am getting errors similar to below for 5 inputs.conf.spec stanzas:

 

03-22-2023 09:03:52.484 +0000 WARN  SpecFiles [45520 ConfReplicationThread] - Found parameter "python.version" inside "/apps/splunk/splunk/etc/apps/splunk_app_soar/README/inputs.conf.spec", scheme "audit://", but this parameter will be ignored as it does not contain the correct sequence of characters (a parameter name must match the regex "([0-9a-zA-Z][0-9a-zA-Z_-]*)").

 

The 5 stanzas are:

  • Splunk_TA_paloalto/README/inputs.conf.spec", scheme "iot_security://"
  • TA-tenable/README/inputs.conf.spec", scheme "tenable_io://"
  • TA-tenable/README/inputs.conf.spec", scheme "tenable_securitycenter://"
  • TA-tenable/README/inputs.conf.spec", scheme "tenable_securitycenter_mobile://"
  • splunk_app_soar/README/inputs.conf.spec", scheme "audit://"

The definitions for python.version in each stanza are:

  • Splunk_TA_paloalto/README/inputs.conf.spec: [] python.version = python3
  • TA-tenable/README/inputs.conf.spec: [tenable_io://] python.version = python3
  • TA-tenable/README/inputs.conf.spec: [tenable_securitycenter://] python.version = python3
  • TA-tenable/README/inputs.conf.spec: [tenable_securitycenter_mobile://] python.version = python3
  • splunk_app_soar/README/inputs.conf.spec: [audit://] python.version = {default|python|python2|python3}

All the definitions for python.version seem to match the regex requirement stated in the warning.

Also I have other spec files with python.version defined in the same way that are not causing these messages:

  • system/README/inputs.conf.spec: [script://] python.version = {default|python|python2|python3}
  • TA-MS-AAD/README/alert_actions.conf.spec: [dismiss_azure_alert] python.version = python3

Anyone have any ideas how to stop these messages being generated?

0 Karma

richgalloway
SplunkTrust

Those definitions look normal to me, but "python.version" does fail to match the regex since the regex does not allow for the dot character.  I can't explain the inconsistent behavior.

Submit a Support request for the SOAR app.  Contact the developers of the other apps.

---
If this reply helps you, Karma would be appreciated.
0 Karma
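The reply's point about the dot can be checked against the warning text itself. The script below is an added example, not part of the thread or of Splunk's code: it parses SpecFiles warnings, applies the regex each warning quotes, and reports the first character of the parameter name that the regex cannot consume. It assumes the name must match the quoted regex in full; the second and third sample lines, including the app name example_app, are constructed.

```python
import re

# Shape of the SpecFiles warning quoted in the question.
WARN_RE = re.compile(
    r'WARN\s+SpecFiles\s.*?Found parameter "(?P<param>[^"]+)" '
    r'inside "(?P<path>[^"]+)", scheme "(?P<scheme>[^"]+)"'
    r'.*?must match the regex "(?P<rule>[^"]+)"'
)
APP_RE = re.compile(r'/etc/apps/([^/]+)/')

def triage(lines):
    """Return one finding per SpecFiles warning, naming the first character
    of the parameter that the quoted regex does not accept."""
    findings = []
    for line in lines:
        m = WARN_RE.search(line)
        if not m:
            continue  # not a SpecFiles parameter warning
        param, rule = m["param"], re.compile(m["rule"])
        # Assumption: the whole name has to match the rule.
        if rule.fullmatch(param):
            offending = None
        else:
            prefix = rule.match(param)  # longest acceptable prefix, if any
            offending = param[prefix.end() if prefix else 0]
        app = APP_RE.search(m["path"])
        findings.append({
            "app": app.group(1) if app else m["path"],
            "scheme": m["scheme"],
            "param": param,
            "offending_char": offending,
        })
    return findings

TAIL = (', but this parameter will be ignored as it does not contain the '
        'correct sequence of characters (a parameter name must match the '
        'regex "([0-9a-zA-Z][0-9a-zA-Z_-]*)").')
SAMPLE_LOG = [
    # Warning from the question.
    '03-22-2023 09:03:52.484 +0000 WARN  SpecFiles [45520 ConfReplicationThread] - Found parameter "python.version" inside "/apps/splunk/splunk/etc/apps/splunk_app_soar/README/inputs.conf.spec", scheme "audit://"' + TAIL,
    # Constructed: name rejected at its first character.
    '03-22-2023 09:03:52.490 +0000 WARN  SpecFiles [45520 ConfReplicationThread] - Found parameter "_interval" inside "/opt/splunk/etc/apps/example_app/README/inputs.conf.spec", scheme "example://"' + TAIL,
    # Constructed: unrelated line that must be skipped.
    '03-22-2023 09:03:53.001 +0000 INFO  Metrics - group=example, name=constructed',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```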