Open
Description
While testing SC4SNMP against windows hosts we noticed ifDescr is being returned with \u0000 sequence at the end, what causes problems with indexing on Splunk side. From SC4SNMP everything looks correct, but profiles containing IF-MIB are not present in Splunk.
While checking _internal index such logs are visible:
ERROR STMgr [593446 IndexerTPoolWorker-5] - dir='/opt/splunk/var/lib/splunk/netmetrics/db/hot_v1_27' unexpected rc=-105 (metric= metric_name::sc4snmp.IF-MIB.ifOutOctets, len=40, value=0.000000) warm_rc[0,2] from st_txn_put_measure
Looks like \u0000 null characters can disrupt parsing, truncate events, or cause Splunk to drop events.