From c12ddebed6c4a713a8bc023ac66ad489d2e36d03 Mon Sep 17 00:00:00 2001 From: Darragh O'Reilly Date: Tue, 7 Apr 2026 17:52:55 +0100 Subject: [PATCH] Fix symbol not found errors from SUSE.Linux.Events.Services Sometimes grok() fails to parse the output of systemctl and the logs get spammed with "symbol not found in scope" error messages. Fix by not referencing the expected symbols in the serviceDetails() function as there is no need. They are referenced from a dict in the main SELECT and get the value of null if they don't exist without any error messages. --- artifacts/definitions/SUSE/Linux/Events/Services.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/artifacts/definitions/SUSE/Linux/Events/Services.yaml b/artifacts/definitions/SUSE/Linux/Events/Services.yaml index 111748b89..ee72bb73b 100644 --- a/artifacts/definitions/SUSE/Linux/Events/Services.yaml +++ b/artifacts/definitions/SUSE/Linux/Events/Services.yaml @@ -19,7 +19,7 @@ sources: LET pattern = "%{NUMBER:pid}\n\{ path\=%{DATA:process} .*\n%{DATA:description}\n%{DATA:state}\n" -- local function runs systemctl, parses output and deconstructs dict from grok - LET serviceDetails(name) = SELECT pid, process, description, state + LET serviceDetails(name) = SELECT * FROM foreach( row= { SELECT grok(data=stdout, grok=pattern) AS parsed FROM execve(argv=["systemctl", "show", name, "--value", "--property=ExecMainPID,ExecStart,Description,ActiveState"]) },
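Review bot: With `SELECT *` in serviceDetails(), a failed grok() parse now leaves no trace. Per the commit description, the main SELECT then reads pid, process, description and state as null, so a service event is emitted without a process path and nothing marks it as unparsed. For a monitoring artifact that is a visibility gap: consider carrying the raw command output next to the parsed dict in the inner query, e.g. `SELECT grok(data=stdout, grok=pattern) AS parsed, stdout AS raw_output`, so a consumer can tell "systemctl output did not match" from "field is empty". This assumes the rest of the foreach(), which continues outside this hunk, passes the extra column through. The comment above the function should also state the new contract, e.g. `-- columns may be absent when grok() does not match; read them through a dict so they default to null`.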