You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This error seems to occur because dict_reader.py populates the fieldnames property with only the non __mv_* field names, which causes super(DictReader, self).next() to return a dict where the __mv_* fields are grouped together in a single dictionary entry.
Example:
Splunk passes a set of field names to the custom command:
test1,test2,__mv_test1,__mv_test2
splunk_csv.DictReader.fieldnames gets called which results in:
splunk_csv.DictReader.next is called, which in turn calls csv.DictReader.next and reads an event from Splunk:
"1 2 3","9193","$1$,$2$,$3$",
csv.DictReader.next combines the event and fieldnames property...
d = dict(zip(self.fieldnames, row))
lf = len(self.fieldnames)
lr = len(row)
if lf < lr:
d[self.restkey] = row[lf:]
elif lf > lr:
for key in self.fieldnames[lr:]:
d[key] = self.restval
return d
Because this method uses fieldnames, d now contains:
This error seems to occur because dict_reader.py populates the fieldnames property with only the non
__mv_*field names, which causessuper(DictReader, self).next()to return adictwhere the__mv_*fields are grouped together in a single dictionary entry.Example:
Splunk passes a set of field names to the custom command:
splunk_csv.DictReader.fieldnamesgets called which results in:Note that
__fieldnamesis returned.splunk_csv.DictReader.nextis called, which in turn callscsv.DictReader.nextand reads an event from Splunk:csv.DictReader.nextcombines the event andfieldnamesproperty...Because this method uses
fieldnames,dnow contains:splunk_csv.DictReader.nextiterates overself.__mv_fieldnamesand attempts to look up "__mv_test1" in the dictionary, which results in a KeyError.Running Splunk 6.2.4
Python SDK 1.3.1