source="base_bds_adsl.csv" | table cd_enc ,N_BD, DDD,NUMERO_TERMINAL | eval FR=cd_enc | eval str=substr(FR,2) |eval str1=substr(str,5)| eval str2=substr(str,1,len(str)-2)| eval str3=str2+str1 | table N_BD,str,str1,str2,str3,DDD,NUMERO_TERMINAL| rename str3 as "code" | join code[search source="code_ENC_Modem_Translated.csv" Description!="DO" Description="$descr$"] |table N_BD, code ,Description,DDD,NUMERO_TERMINAL | eval cid = DDD.NUMERO_TERMINAL |table cid,Description | rename cid as line_id | join line_id [search source="Base_CPE_x_Customer_Number -Customer ID CNL+Terminal Number to Vendor Name mappings.csv" | rex "((?.*))"] | table line_id,VendorID_FIELD4,Description | stats count(line_id) as "Number Of Faults" by VendorID_FIELD4 | rename VendorID_FIELD4 as "Vendor Name"
appears in red and in rex appears green color.
Getting Unbalanced Quotes error while saving view.
Kindly help me out soon. ..
Thanking
Please put the the whole query in CDATA. Hope that solves the problem
Hi Kavyatim,
you have to use the < & > instead of < & > inside of your regex, else Splunk will use them as XML tag.
<
>
<
>
hope this helps ...
cheers, MuS
