1

I'm using splunk-client to extract results from splunk. Here's the code:

query = "sourcetype=collection #{order_id}"
search = @splunk_client.search(query)
search.wait

The search is happening fine, and it seems like I'm doing everything according to the example (https://github.com/cbrito/splunk-client), but I get this error on the 'search.wait' line:

Undefined namespace prefix: //s:key[@name='isDone']

Any ideas what could be going wrong? Running these commands in irb works fine. Is there some sort of blocking issue?

4

2 回答 2

1

There is currently very little error checking which occurs within the gem itself. The reason for the error is that wait looks for the status of the isDone key to change to true.

Since your credentials were not properly setup in the first place, the gem creates a search object with an invalid session. The search does not initially fail, because enough response came back from Splunk that Nokogiri processes it into an object without a Splunk search sid.

In the future I should likely raise an exception if a proper sid is not returned to avoid confusion.

Source: I wrote the gem.

于 2013-01-17T20:55:02.830 回答
0

I found out the issue -- the splunk client wasn't authenticating properly, and so search was actually a broken SplunkJob object (with a nil username and authentication key). It's strange that there was no error raised until the wait command, but upon inspecting the search object, one of the fields stated that the object was malformed.

于 2012-07-19T00:16:33.223 回答