Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is there an error "error in 'search' command" in my search?

cj04
Explorer
‎03-14-2022 07:46 AM 
<title> Clam Scan Results </title> <event>
<search> ref="anti-virus scan results">
</search>
<option name="list.drilldown"
>none</option>
 
I have been trying to input this query into Splunk and I am getting the following error: error in 'search' command: unable to parse the search: Comparator '<' is missing a term on the left hand side.
 
I have removed the > before the ref, but I still get the same result. Can anyone help me solve this?
Labels (1)
Labels
Tags (3)
0 Karma
Reply

SanjayReddy
SplunkTrust
SplunkTrust
‎03-14-2022 08:14 AM

Hi @cj04 

Hope you are using your code inside dashboard, 

please use following code inside dashboard 

<row>
<panel>
<event>
<title> Clam Scan Results </title>
<search ref="anti-virus scan results"> </search>
<option name="list.drilldown">none</option>
</event>
</panel>
</row> 

Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-14-2022 08:13 AM

Where exactly are you trying to put this text?

The quoted text is Simple XML from a dashboard, not SPL one can put into a search box.  It seems like this is being pasted into the Search & Reporting app and the SPL parser is  failing on the first '<'.

What problem are you trying to solve with this text?

---
If this reply helps you, Karma would be appreciated.
Reply

cj04
Explorer
‎03-14-2022 09:11 AM

What do I need to edit so I can post this into the Search & Reporting and get the desired outcome?

0 Karma
Reply

cj04
Explorer
‎03-14-2022 08:42 AM

What am I trying to solve is from my "Clam Scan Results" I am wanting Splunk to pick those up. I am using this text in the search portion of Splunk, but I am also new to Splunk. How can I properly get this setup where my results are posting in Splunk?

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...