'ut_parse' and 'ut_shannon' not working?

loudainmarc · ‎03-09-2017

i want to find very long URL queries. taking the search:
sourcetype=bro_dns | 'ut_parse(query)' | eval length=len(query) |search blah blah
I get the error: Error in 'SearchParser': Missing a search command before '''. Error at position '27' blah blah.
i get a similar error when i try the 'ut_shannon' to try obtain domain entropy. I have successfully installed URL Toolbox to Splunk apps. is there further configuration i'm missing?

christoffertoft · ‎12-13-2017

If you're using the macro, you need to enclose the macro with backtick characters () and the macros are namedut_lookup(param1, paramX)as opposed to using the lookups:| lookup ut_shannon_lookup word as shannon_word | table word, shannon_word`

pmeyerson · ‎06-28-2017

Did you use the tick: ` or a single quote: '

pmeyerson · ‎06-28-2017

Had the same issue,
Apps -> Manage Apps -> URL Toolbox -> View Objects.
I see a bunch of lookups listed, it looks like it got renamed to ut_shannon_lookup , ut_parse_simple_lookup and ut_parse_extended_lookup. This is for whatever version of URL toolbox I downloaded today for splunk 6.6.1.

adinu · ‎05-10-2017

@OP I have the same issue. Have you figured this out ? WHat was the problem ?

jwalzerpitt · ‎10-04-2018

Any fix to this? I'm seeing the same issue as well

Thx

jwalzerpitt · ‎10-04-2018

Just replaced ut_parse with ut_parse_simple and was able to run my search

'ut_parse' and 'ut_shannon' not working?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor