search

alertmanager / alert_manager

Splunk Alert Manager with advanced reporting on alerts, workflows (modify assignee, status, severity) and auto-resolve features
Other
81 stars 44 forks source link

Multivalue Handling Fails in CsvResultParser.py #126

Closed johnfromthefuture closed 8 years ago

johnfromthefuture commented 8 years ago

When a value in a multivalue field is blank, for whatever reason, splunk records '$$' in the results.csv.gz file. This code fails then and throws an unhandled exception: `matches = re.match(r'\$(.+)\$', val)

values.append(matches.group(1))`

I am planning to test a change in my environment (because this is impacting alert generation for a couple of my alerts) by changing this section to: `for val in line[k].split(";"):

try:

    if val != '$$':

        matches = re.match(r'\$(.+)\$', val)

        values.append(matches.group(1))

except:

    # Found an issue in the regex match that impacted me and I don't want it to happen again.

    continue`
johnfromthefuture commented 8 years ago

Just wanted to add that the fix provided above did correct the issue I was experiencing without impacting operations.

simcen commented 8 years ago

Thx for the report, will include this within the next release