Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is Colon Character in JS not working?

rkeq0515
Path Finder
‎07-26-2022 11:40 AM

I am trying to use a colon ( : ) in my js file; however, I do not see results when I use the colon.  I verified that the command works with the colon when I run it within a Search window.   I also have it working without the colon in the js file.  I just can't seem to use the colon in the js file. 

The following code in my js file does not work.

 

... | search (path IN (\"*:\\windows\\*\")) | stats count

 

 

The following code in my js file works.

 

... | search (path IN (\"*\\windows\\*\")) | stats count

 

 

I tried to escape it like I did the double-quotes, but that did not work.  Is there a way to use the colon in the js file?

 

Thanks 

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎07-26-2022 11:47 AM

@rkeq0515 - I always try multiple try-and-error when dealing with \ (backward slash).

One of these should work:

... | search path IN (\"*:\\windows\\*\") | stats count
... | search path IN (\"*:\\\windows\\\*\") | stats count
... | search path IN (\"*:\\\\windows\\\\*\") | stats count

(3 or 4 slashes should work)

 

I hope this helps!!!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

VatsalJagani
SplunkTrust
SplunkTrust
‎07-26-2022 11:47 AM

@rkeq0515 - I always try multiple try-and-error when dealing with \ (backward slash).

One of these should work:

... | search path IN (\"*:\\windows\\*\") | stats count
... | search path IN (\"*:\\\windows\\\*\") | stats count
... | search path IN (\"*:\\\\windows\\\\*\") | stats count

(3 or 4 slashes should work)

 

I hope this helps!!!

0 Karma
Reply
Solved! Jump to solution

rkeq0515
Path Finder
‎07-26-2022 12:44 PM

Thank you!  The 4 back slashes worked.  I was focused on the colon since 2 back slashes were working.  However, I see that it wasn't providing the correct data.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | When is October more than just the tenth month?

October 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

 Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...