All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

S.o.S - Splunk on Splunk & 6.5.0: How to resolve "Error in 'rex' command...invalid range in character class"?

tmblue
Engager
‎10-20-2016 10:59 AM 
Error in 'rex' command: Encountered the following error while compiling the regex 'search(_|\s)--id=(?<sid>[_-\w\.]+)(_|\s)--': Regex: invalid range in character class

Can't pull up SoS data, and again this seemed to work in 6.3, maybe worked in 6.4, and def does not work in 6.5. These are not my RegEx's so wondering why the current fail 🙂

Thanks
Tory

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ppablo
Community Manager
Community Manager
‎10-20-2016 11:19 AM

Hi @tmblue

The S.o.S - Splunk on Splunk app was End of Life as of Splunk 6.3.x because it was replaced by the Distributed Management Console built into the Splunk platform, as stated at the top of the Overview of the app's page: https://splunkbase.splunk.com/app/748/

For 6.2.x, 6.3.x, and 6.4.x, refer to Splunk documentation for the Distributed Management Console:
6.2.x: http://docs.splunk.com/Documentation/Splunk/6.2.12/Admin/ConfiguretheMonitoringConsole
6.3.x: http://docs.splunk.com/Documentation/Splunk/6.3.8/DMC/DMCoverview
6.4.x: http://docs.splunk.com/Documentation/Splunk/6.4.5/DMC/DMCoverview

As of 6.5.x, it is now called the Monitoring Console:
http://docs.splunk.com/Documentation/Splunk/6.5.0/DMC/DMCoverview

View solution in original post

Reply
Solved! Jump to solution

ejharts2015
Communicator
‎01-18-2017 08:22 AM

Just for others, we still use SoS on 6.5 and ran into this same issue. Changed this regex line to get the search to return:

| rex field=ARGS "search(_|\s)--id=(?<sid>[_\-\w\.]+)(_|\s)--"
Reply
Solved! Jump to solution
Solution

ppablo
Community Manager
Community Manager
‎10-20-2016 11:19 AM

Hi @tmblue

The S.o.S - Splunk on Splunk app was End of Life as of Splunk 6.3.x because it was replaced by the Distributed Management Console built into the Splunk platform, as stated at the top of the Overview of the app's page: https://splunkbase.splunk.com/app/748/

For 6.2.x, 6.3.x, and 6.4.x, refer to Splunk documentation for the Distributed Management Console:
6.2.x: http://docs.splunk.com/Documentation/Splunk/6.2.12/Admin/ConfiguretheMonitoringConsole
6.3.x: http://docs.splunk.com/Documentation/Splunk/6.3.8/DMC/DMCoverview
6.4.x: http://docs.splunk.com/Documentation/Splunk/6.4.5/DMC/DMCoverview

As of 6.5.x, it is now called the Monitoring Console:
http://docs.splunk.com/Documentation/Splunk/6.5.0/DMC/DMCoverview

Reply
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...