Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is there an error "error in 'search' command" in my search?

cj04
Explorer
‎03-14-2022 07:46 AM 
<title> Clam Scan Results </title> <event>
<search> ref="anti-virus scan results">
</search>
<option name="list.drilldown"
>none</option>
 
I have been trying to input this query into Splunk and I am getting the following error: error in 'search' command: unable to parse the search: Comparator '<' is missing a term on the left hand side.
 
I have removed the > before the ref, but I still get the same result. Can anyone help me solve this?
Labels (1)
Labels
Tags (3)
0 Karma
Reply

SanjayReddy
SplunkTrust
SplunkTrust
‎03-14-2022 08:14 AM

Hi @cj04 

Hope you are using your code inside dashboard, 

please use following code inside dashboard 

<row>
<panel>
<event>
<title> Clam Scan Results </title>
<search ref="anti-virus scan results"> </search>
<option name="list.drilldown">none</option>
</event>
</panel>
</row> 

Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-14-2022 08:13 AM

Where exactly are you trying to put this text?

The quoted text is Simple XML from a dashboard, not SPL one can put into a search box.  It seems like this is being pasted into the Search & Reporting app and the SPL parser is  failing on the first '<'.

What problem are you trying to solve with this text?

---
If this reply helps you, Karma would be appreciated.
Reply

cj04
Explorer
‎03-14-2022 09:11 AM

What do I need to edit so I can post this into the Search & Reporting and get the desired outcome?

0 Karma
Reply

cj04
Explorer
‎03-14-2022 08:42 AM

What am I trying to solve is from my "Clam Scan Results" I am wanting Splunk to pick those up. I am using this text in the search portion of Splunk, but I am also new to Splunk. How can I properly get this setup where my results are posting in Splunk?

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...