weilliu
commented
1 year ago @obpedro Thanks for reporting the issues. I agree that the error message could be more intuitive.
The first error local variable 'r_json' referenced before assignment returns on 0 matching event, and the second error 'NoneType' object has no attribute 'steps_completed' seem to return when the query contains invalid syntax (i.e. message=*CRYPTO* instead of message contains 'CRYPTO' ). You may find the query syntax in the DataSet doc.
I do believe the error message could be improved but need to confirm it with the engineering. If so, we will open a ticket to address it and fix the error message.
Either way, we appreciate your interest and please feel free to report any additional issues encountered!
mike-mcgrail
Hi team,
First of all, I want to say I love the TA. I just started working with it today and so far it's been amazing, and I look forward to doing some cool stuff with it.
One thing I wanted to open an issue for is that I've been getting the following error whenever I type an invalid query:
local variable 'r_json' referenced before assignment. As an example, I get this error when I type in the first example query in this repo's readme:| dataset method=query search="serverHost = * AND Action = 'allow'" maxcount=50 starttime=10m endtime=1mAnother error I've received is
'NoneType' object has no attribute 'steps_completed'This is the query I typed in when I received that error:| dataset maxcount=6 method=query search="logfile=\"/var/log/audit/audit.log\" message=*CRYPTO*" | spathAdmittedly the query contains invalid syntax (I later learned to use 'contains') but it would be great to have a more helpful error message.All that said, maybe these things are due to limitations with what Splunk allows in its SDK and there's nothing that can be done about it, but I still wanted to open the issue just in case.
Thanks! Pedro