When a value in a multivalue field is blank, for whatever reason, splunk records '$$' in the results.csv.gz file. This code fails then and throws an unhandled exception:
`matches = re.match(r'\$(.+)\$', val)
values.append(matches.group(1))`
I am planning to test a change in my environment (because this is impacting alert generation for a couple of my alerts) by changing this section to:
`for val in line[k].split(";"):
try:
if val != '$$':
matches = re.match(r'\$(.+)\$', val)
values.append(matches.group(1))
except:
# Found an issue in the regex match that impacted me and I don't want it to happen again.
continue`
When a value in a multivalue field is blank, for whatever reason, splunk records '$$' in the results.csv.gz file. This code fails then and throws an unhandled exception: `matches = re.match(r'\$(.+)\$', val)
values.append(matches.group(1))`
I am planning to test a change in my environment (because this is impacting alert generation for a couple of my alerts) by changing this section to: `for val in line[k].split(";"):