Bug #59231 for WWW-Splunk: Pipe symbol causes silent failure

RT for rt.cpan.org

This queue is for tickets about the WWW-Splunk CPAN distribution.

Report information

The Basics

Id:	59231
Status:	resolved
Priority:	0/
Queue:	WWW-Splunk

People

Owner:	Nobody in particular
Requestors:	todd.bruner [...] gmail.com
Cc:
AdminCc:

Bug Information

Severity:	Important
Broken in:	1.03
Fixed in:	(no value)

History Show all quoted text

Fri Jul 09 16:49:41 2010 todd.bruner [...] gmail.com - Ticket created

Subject:

Pipe symbol causes silent failure

Trying to send splunk the following query: sourcetype="tcp-raw" minutesago=15 NOT "gov" NOT "arpa" NOT "localhost" NOT "loopback" uri_domain="*" | stats count(uri_domain) by uri_domain and no results are returned. (returns thousands from Splunk web interface). Truncate from the | (pipe) symbol on and I get data. obviously I want to use splunk to do aggregation if possible. Thanks, Todd

Sun Dec 12 07:52:58 2010 lubo.rintel [...] gooddata.com - Correspondence added

From:

lubo.rintel [...] gooddata.com

On Fri Jul 09 16:49:41 2010, toddbruner wrote: Show quoted text

> Trying to send splunk the following query: > > sourcetype="tcp-raw" minutesago=15 NOT "gov" NOT "arpa" NOT > "localhost" NOT "loopback" > uri_domain="*" | stats count(uri_domain) by uri_domain > > and no results are returned.

Thanks for the report. The issue was addressed in version v1.10 that was submitted into CPAN today and will show up in a couple of hours (until the, you can get it from GitHub: https://github.com/lkundrak/perl-WWW-Splunk/archives/v1.10)

Sun Dec 12 07:52:59 2010 The RT System itself - Status changed from 'new' to 'open'

Tue Aug 07 05:50:08 2012 lubo.rintel [...] gooddata.com - Status changed from 'open' to 'resolved'