Why is there an error "error in 'search' command" ...

cj04 · ‎03-14-2022

<title> Clam Scan Results </title> <event>
<search> ref="anti-virus scan results">
</search>
<option name="list.drilldown"
>none</option>

I have been trying to input this query into Splunk and I am getting the following error: error in 'search' command: unable to parse the search: Comparator '<' is missing a term on the left hand side.

I have removed the > before the ref, but I still get the same result. Can anyone help me solve this?

SanjayReddy · ‎03-14-2022

Hi @cj04

Hope you are using your code inside dashboard,

please use following code inside dashboard

<row>
<panel>
<event>
<title> Clam Scan Results </title>
<search ref="anti-virus scan results"> </search>
<option name="list.drilldown">none</option>
</event>
</panel>
</row>

richgalloway · ‎03-14-2022

Where exactly are you trying to put this text?

The quoted text is Simple XML from a dashboard, not SPL one can put into a search box. It seems like this is being pasted into the Search & Reporting app and the SPL parser is failing on the first '<'.

What problem are you trying to solve with this text?

---
If this reply helps you, Karma would be appreciated.

cj04 · ‎03-14-2022

What do I need to edit so I can post this into the Search & Reporting and get the desired outcome?

cj04 · ‎03-14-2022

What am I trying to solve is from my "Clam Scan Results" I am wanting Splunk to pick those up. I am using this text in the search portion of Splunk, but I am also new to Splunk. How can I properly get this setup where my results are posting in Splunk?

Why is there an error "error in 'search' command" in my search?

using Splunk Enterprise

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!