All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

S.o.S - Splunk on Splunk & 6.5.0: How to resolve "Error in 'rex' command...invalid range in character class"?

tmblue
Engager
‎10-20-2016 10:59 AM 
Error in 'rex' command: Encountered the following error while compiling the regex 'search(_|\s)--id=(?<sid>[_-\w\.]+)(_|\s)--': Regex: invalid range in character class

Can't pull up SoS data, and again this seemed to work in 6.3, maybe worked in 6.4, and def does not work in 6.5. These are not my RegEx's so wondering why the current fail 🙂

Thanks
Tory

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ppablo
Retired
‎10-20-2016 11:19 AM

Hi @tmblue

The S.o.S - Splunk on Splunk app was End of Life as of Splunk 6.3.x because it was replaced by the Distributed Management Console built into the Splunk platform, as stated at the top of the Overview of the app's page: https://splunkbase.splunk.com/app/748/

For 6.2.x, 6.3.x, and 6.4.x, refer to Splunk documentation for the Distributed Management Console:
6.2.x: http://docs.splunk.com/Documentation/Splunk/6.2.12/Admin/ConfiguretheMonitoringConsole
6.3.x: http://docs.splunk.com/Documentation/Splunk/6.3.8/DMC/DMCoverview
6.4.x: http://docs.splunk.com/Documentation/Splunk/6.4.5/DMC/DMCoverview

As of 6.5.x, it is now called the Monitoring Console:
http://docs.splunk.com/Documentation/Splunk/6.5.0/DMC/DMCoverview

View solution in original post

Reply
Solved! Jump to solution

ejharts2015
Communicator
‎01-18-2017 08:22 AM

Just for others, we still use SoS on 6.5 and ran into this same issue. Changed this regex line to get the search to return:

| rex field=ARGS "search(_|\s)--id=(?<sid>[_\-\w\.]+)(_|\s)--"
Reply
Solved! Jump to solution
Solution

ppablo
Retired
‎10-20-2016 11:19 AM

Hi @tmblue

The S.o.S - Splunk on Splunk app was End of Life as of Splunk 6.3.x because it was replaced by the Distributed Management Console built into the Splunk platform, as stated at the top of the Overview of the app's page: https://splunkbase.splunk.com/app/748/

For 6.2.x, 6.3.x, and 6.4.x, refer to Splunk documentation for the Distributed Management Console:
6.2.x: http://docs.splunk.com/Documentation/Splunk/6.2.12/Admin/ConfiguretheMonitoringConsole
6.3.x: http://docs.splunk.com/Documentation/Splunk/6.3.8/DMC/DMCoverview
6.4.x: http://docs.splunk.com/Documentation/Splunk/6.4.5/DMC/DMCoverview

As of 6.5.x, it is now called the Monitoring Console:
http://docs.splunk.com/Documentation/Splunk/6.5.0/DMC/DMCoverview

Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top