All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

S.o.S - Splunk on Splunk & 6.5.0: How to resolve "Error in 'rex' command...invalid range in character class"?

tmblue
Engager
‎10-20-2016 10:59 AM 
Error in 'rex' command: Encountered the following error while compiling the regex 'search(_|\s)--id=(?<sid>[_-\w\.]+)(_|\s)--': Regex: invalid range in character class

Can't pull up SoS data, and again this seemed to work in 6.3, maybe worked in 6.4, and def does not work in 6.5. These are not my RegEx's so wondering why the current fail 🙂

Thanks
Tory

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ppablo
Retired
‎10-20-2016 11:19 AM

Hi @tmblue

The S.o.S - Splunk on Splunk app was End of Life as of Splunk 6.3.x because it was replaced by the Distributed Management Console built into the Splunk platform, as stated at the top of the Overview of the app's page: https://splunkbase.splunk.com/app/748/

For 6.2.x, 6.3.x, and 6.4.x, refer to Splunk documentation for the Distributed Management Console:
6.2.x: http://docs.splunk.com/Documentation/Splunk/6.2.12/Admin/ConfiguretheMonitoringConsole
6.3.x: http://docs.splunk.com/Documentation/Splunk/6.3.8/DMC/DMCoverview
6.4.x: http://docs.splunk.com/Documentation/Splunk/6.4.5/DMC/DMCoverview

As of 6.5.x, it is now called the Monitoring Console:
http://docs.splunk.com/Documentation/Splunk/6.5.0/DMC/DMCoverview

View solution in original post

Reply
Solved! Jump to solution

ejharts2015
Communicator
‎01-18-2017 08:22 AM

Just for others, we still use SoS on 6.5 and ran into this same issue. Changed this regex line to get the search to return:

| rex field=ARGS "search(_|\s)--id=(?<sid>[_\-\w\.]+)(_|\s)--"
Reply
Solved! Jump to solution
Solution

ppablo
Retired
‎10-20-2016 11:19 AM

Hi @tmblue

The S.o.S - Splunk on Splunk app was End of Life as of Splunk 6.3.x because it was replaced by the Distributed Management Console built into the Splunk platform, as stated at the top of the Overview of the app's page: https://splunkbase.splunk.com/app/748/

For 6.2.x, 6.3.x, and 6.4.x, refer to Splunk documentation for the Distributed Management Console:
6.2.x: http://docs.splunk.com/Documentation/Splunk/6.2.12/Admin/ConfiguretheMonitoringConsole
6.3.x: http://docs.splunk.com/Documentation/Splunk/6.3.8/DMC/DMCoverview
6.4.x: http://docs.splunk.com/Documentation/Splunk/6.4.5/DMC/DMCoverview

As of 6.5.x, it is now called the Monitoring Console:
http://docs.splunk.com/Documentation/Splunk/6.5.0/DMC/DMCoverview

Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...