Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I avoid browser freeze when searched records are long with no newlines

petenetwork
Explorer
‎02-10-2021 04:05 PM

When I do some searches I get records which are very long and have no newlines. The browser (Firefox in my case) effectively freezes up.

How can I avoid effectively locking up my browser when doing queries that might return such records?

Labels (1)
Labels
0 Karma
Reply

petenetwork
Explorer
‎02-10-2021 04:10 PM

I've tried adding:

|regex _raw!="^[^\r\n]{512,}"

.. and this has filtered out the long records that result in Splunk freezing my browser.

Would be great if Splunk could fix this browser-killing bug.

0 Karma
Reply

petenetwork
Explorer
‎02-11-2021 02:37 PM

A better regular expression is:

|regex _raw!="(?m)^[^\r\n]{512,}"

... for the case where the long line isn't the first line. If you don't know the (?m) flag search for PCRE flags.

Or alternative ignore the anchor altogether (but this may be less performant):

|regex _raw!="[^\r\n]{512,}"

Up to you which you choose.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Greetings, Splunk Cloud Admins and Splunk enthusiasts! The Admin Configuration Service (ACS) team is excited ...

Tech Talk | One Log to Rule Them All

One log to rule them all: how you can centralize your troubleshooting with Splunk logs We know how important ...