- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- S.o.S - Splunk on Splunk & 6.5.0: How to resolve "...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error in 'rex' command: Encountered the following error while compiling the regex 'search(_|\s)--id=(?<sid>[_-\w\.]+)(_|\s)--': Regex: invalid range in character class
Can't pull up SoS data, and again this seemed to work in 6.3, maybe worked in 6.4, and def does not work in 6.5. These are not my RegEx's so wondering why the current fail 🙂
Thanks
Tory
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @tmblue
The S.o.S - Splunk on Splunk app was End of Life as of Splunk 6.3.x because it was replaced by the Distributed Management Console built into the Splunk platform, as stated at the top of the Overview of the app's page: https://splunkbase.splunk.com/app/748/
For 6.2.x, 6.3.x, and 6.4.x, refer to Splunk documentation for the Distributed Management Console:
6.2.x: http://docs.splunk.com/Documentation/Splunk/6.2.12/Admin/ConfiguretheMonitoringConsole
6.3.x: http://docs.splunk.com/Documentation/Splunk/6.3.8/DMC/DMCoverview
6.4.x: http://docs.splunk.com/Documentation/Splunk/6.4.5/DMC/DMCoverview
As of 6.5.x, it is now called the Monitoring Console:
http://docs.splunk.com/Documentation/Splunk/6.5.0/DMC/DMCoverview
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just for others, we still use SoS on 6.5 and ran into this same issue. Changed this regex line to get the search to return:
| rex field=ARGS "search(_|\s)--id=(?<sid>[_\-\w\.]+)(_|\s)--"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @tmblue
The S.o.S - Splunk on Splunk app was End of Life as of Splunk 6.3.x because it was replaced by the Distributed Management Console built into the Splunk platform, as stated at the top of the Overview of the app's page: https://splunkbase.splunk.com/app/748/
For 6.2.x, 6.3.x, and 6.4.x, refer to Splunk documentation for the Distributed Management Console:
6.2.x: http://docs.splunk.com/Documentation/Splunk/6.2.12/Admin/ConfiguretheMonitoringConsole
6.3.x: http://docs.splunk.com/Documentation/Splunk/6.3.8/DMC/DMCoverview
6.4.x: http://docs.splunk.com/Documentation/Splunk/6.4.5/DMC/DMCoverview
As of 6.5.x, it is now called the Monitoring Console:
http://docs.splunk.com/Documentation/Splunk/6.5.0/DMC/DMCoverview
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
