Splunk Enterprise

Why is there an error "error in 'search' command" in my search?

cj04
Explorer
<title> Clam Scan Results </title> <event>
<search> ref="anti-virus scan results">
</search>
<option name="list.drilldown"
>none</option>
 
I have been trying to input this query into Splunk and I am getting the following error: error in 'search' command: unable to parse the search: Comparator '<' is missing a term on the left hand side.
 
I have removed the > before the ref, but I still get the same result. Can anyone help me solve this?
0 Karma

SanjayReddy
SplunkTrust

Hi @cj04 

I hope you are using your code inside a dashboard.

Please use the following code inside the dashboard:

<row>
  <panel>
    <event>
      <title> Clam Scan Results </title>
      <search ref="anti-virus scan results"> </search>
      <option name="list.drilldown">none</option>
    </event>
  </panel>
</row>

richgalloway
SplunkTrust

Where exactly are you trying to put this text?

The quoted text is Simple XML from a dashboard, not SPL one can put into a search box. It seems like this is being pasted into the Search & Reporting app and the SPL parser is failing on the first '<'.

What problem are you trying to solve with this text?

---
If this reply helps you, Karma would be appreciated.

cj04
Explorer

What do I need to edit so I can post this into the Search & Reporting and get the desired outcome?

0 Karma

cj04
Explorer

What I am trying to solve is this: I want Splunk to pick up my "Clam Scan Results". I am using this text in the search portion of Splunk, but I am also new to Splunk. How can I properly get this set up so that my results are posting in Splunk?

0 Karma