Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is there an error "error in 'search' command" in my search?

cj04
Explorer
‎03-14-2022 07:46 AM 
<title> Clam Scan Results </title> <event>
<search> ref="anti-virus scan results">
</search>
<option name="list.drilldown"
>none</option>
 
I have been trying to input this query into Splunk and I am getting the following error: error in 'search' command: unable to parse the search: Comparator '<' is missing a term on the left hand side.
 
I have removed the > before the ref, but I still get the same result. Can anyone help me solve this?
Labels (1)
Labels
Tags (3)
0 Karma
Reply

SanjayReddy
SplunkTrust
SplunkTrust
‎03-14-2022 08:14 AM

Hi @cj04 

Hope you are using your code inside dashboard, 

please use following code inside dashboard 

<row>
<panel>
<event>
<title> Clam Scan Results </title>
<search ref="anti-virus scan results"> </search>
<option name="list.drilldown">none</option>
</event>
</panel>
</row> 

Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-14-2022 08:13 AM

Where exactly are you trying to put this text?

The quoted text is Simple XML from a dashboard, not SPL one can put into a search box.  It seems like this is being pasted into the Search & Reporting app and the SPL parser is  failing on the first '<'.

What problem are you trying to solve with this text?

---
If this reply helps you, Karma would be appreciated.
Reply

cj04
Explorer
‎03-14-2022 09:11 AM

What do I need to edit so I can post this into the Search & Reporting and get the desired outcome?

0 Karma
Reply

cj04
Explorer
‎03-14-2022 08:42 AM

What am I trying to solve is from my "Clam Scan Results" I am wanting Splunk to pick those up. I am using this text in the search portion of Splunk, but I am also new to Splunk. How can I properly get this setup where my results are posting in Splunk?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Community Content Calendar, September edition

Welcome to another insightful post from our Community Content Calendar! We're thrilled to continue bringing ...

Splunkbase Unveils New App Listing Management Public Preview

Splunkbase Unveils New App Listing Management Public PreviewWe're thrilled to announce the public preview of ...

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you leveraging automation to its fullest potential in your threat detection strategy?Our upcoming Security ...