Re: How can I avoid browser freeze when searched r...

petenetwork · ‎02-10-2021

When I do some searches I get records which are very long and have no newlines. The browser (Firefox in my case) effectively freezes up.

How can I avoid effectively locking up my browser when doing queries that might return such records?

petenetwork · ‎02-10-2021

I've tried adding:

|regex _raw!="^[^\r\n]{512,}"

.. and this has filtered out the long records that result in Splunk freezing my browser.

Would be great if Splunk could fix this browser-killing bug.

petenetwork · ‎02-11-2021

A better regular expression is:

|regex _raw!="(?m)^[^\r\n]{512,}"

... for the case where the long line isn't the first line. If you don't know the (?m) flag search for PCRE flags.

Or alternative ignore the anchor altogether (but this may be less performant):

|regex _raw!="[^\r\n]{512,}"

Up to you which you choose.

How can I avoid browser freeze when searched records are long with no newlines