Why are alerts not working after upgrade to Splunk...

levent_kurt · ‎01-08-2017

Hi,

All of our alerts are not working after the upgrade to Splunk 6.5.1 from 6.3.0.

In the scheduler.log I have this error:

ERROR SavedSplunker - vector::_M_range_check: __n (which is 0) >= this->size() (which is 0)

Anyone else have this issue ?

Thanks !

twinspop · ‎01-09-2017

In our case it was a stats/chart command with a repeated field.

| stats last(fieldA) as fieldA ... last(fieldA) as fieldA

As soon as we removed the repeated fields, scheduling started firing.

ddrillic · ‎01-08-2017

An identical error message when upgrading to 6.5.0 -

ERROR SavedSplunker - vector::_M_range_check: __n (which is 0) >= this->size() (which is 0)

It's at Why are alerts not working after upgrade to Splunk 6.5.0?

@alewkowicz says -

levent_kurt · ‎01-09-2017

I downvoted this post because the issue is with 6.5.1, not 6.5.0

ddrillic · ‎01-09-2017

You must be joking, right? ; -) it's the same issue and we are here to assist you at any time ....

levent_kurt · ‎01-09-2017

Sorry for the confusion but we are using 6.5.1 version. @alewkowicz experienced this issue with 6.5.0 version Splunk support reported that it will be fixed in 6.5.1. Do you mean that the issue may not still be 6.5.1?

ddrillic · ‎01-09-2017

You see the issue, right? ; -) So, apparently, it's still there...

ddrillic · ‎01-10-2017

Splunk via @christopherr said the following in the other thread -

levent_kurt · ‎01-08-2017

Reporter of the issue was using 6.5.0 but out version is 6.5.1, which this issue is supposed to be fixed.

Why are alerts not working after upgrade to Splunk 6.5.1?

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes