Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I avoid browser freeze when searched records are long with no newlines

petenetwork
Explorer
‎02-10-2021 04:05 PM

When I do some searches I get records which are very long and have no newlines. The browser (Firefox in my case) effectively freezes up.

How can I avoid effectively locking up my browser when doing queries that might return such records?

Labels (1)
Labels
0 Karma
Reply

petenetwork
Explorer
‎02-10-2021 04:10 PM

I've tried adding:

|regex _raw!="^[^\r\n]{512,}"

.. and this has filtered out the long records that result in Splunk freezing my browser.

Would be great if Splunk could fix this browser-killing bug.

0 Karma
Reply

petenetwork
Explorer
‎02-11-2021 02:37 PM

A better regular expression is:

|regex _raw!="(?m)^[^\r\n]{512,}"

... for the case where the long line isn't the first line. If you don't know the (?m) flag search for PCRE flags.

Or alternative ignore the anchor altogether (but this may be less performant):

|regex _raw!="[^\r\n]{512,}"

Up to you which you choose.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...