I run to an issue with special characters suppression in this alert manager app https://splunkbase.splunk.com/app/2665/.
When I use some test alert with title "test" the suppression of newly created alert works as expected - every new incident is suppressed until the first one is not resolved.
But when I use user specific title, which contains special characters like "ä" or "ü", the suppression does not work anymore - every new incident is simply new incident.
Can someone help me, or there is only option to use it without special character?
... View more
in the past few weeks, we have run into some strange behavior with a data model. It is somehow connected to geofence. We named our lookup definition for it as ld_geoContEurope and used the results in data model. But somehow, the name "ld_geoContEurope" appears in fields values, so we get values like "outOfEurope", "inEurope", and "ld_geoContEurope". And this "ld_geoContEurope" also appeared in other fields of the data model.
But, it only appears when we use tstats with summerizeonly=t and we try to show respective fields and these are not defined in raw events. For example | tstats summarizeonly=t count by datamodel.speed shows values like
as we can see, 2 events don't have a defined attribute speed as it is optional in the event.
When we use command | from datamodel | stats count by speed , it shows only:
as events have defined only those values.
Splunk version 6.5.8
Can someone help?
Thanks for any advice.
... View more